From 25th May 2018 the General Data Protection Regulation (GDPR) came into force and with it changes around trust. How does your business earn the trust of customers, employees and suppliers?
Let’s begin a quote:
“The best way to find out if you can trust somebody is to trust them” Ernest Hemingway
That’s pretty much how data protection legislation has worked in the past– you give personal data to a company you do business with, click ‘yes’ on a pre-ticked wide ranging set of terms and conditions that you probably haven’t actually read, and then see if they can be trusted to use your data responsibly. If you think they haven’t been trustworthy, there are routes to seek redress, but those take time and cost money and anyway, the trust has already been broken.
Why is trust so important? According to Gartner “trust drives the buying cycle”. Elevation to the iconic status ‘Superbrand’ relies on the question “Can the brand be trusted to deliver consistently?”. We know it matters and we each know it matters to the bottom line of our business.
From 25th May 2018, the regulations changed about how trust is given and what you’ll be trusted to do with the personal data you have access to. It’s not just a regulatory change, it’s a business change.
Scrutinise your business processes
Every business process needs to be scrutinised to assess:
- what personal data you are using
- how you are using that personal data
- how you are processing personal data
- how you are storing and accessing that personal data.
Now the GDPR is in force, you will need to prove that you had a legitimate business reason to make use of personal data and most importantly you must have gained explicit, informed, permission to do what you are doing. Consent statements can no longer be wide-ranging or all-encompassing and permission boxes can no longer be pre-ticked. All of which means that you’ll also need to assess what technology your organisation has in place to understand, manage, detect, measure, mitigate, comply and audit everything you are doing with personal data. What’s more, every person in every company is impacted and needs to understand what they can and cannot do with personal data.
Now you see why we believe it’s all about managing real change throughout your business – people, processes, technology and data. We also believe it’s about who you trust to support you in the journey towards GDPR compliance. Our customers have been trusting us for over 20 years to deliver real change.