Risk management is key to successful GDPR compliance

by Nortal HQ, September 21, 2017

GDPR shouldn’t be seen as a risk but as an opportunity to update your organization’s approach to risk management. That will help build trust with clients and safeguard personal data.

Next year in May, life will become significantly more complicated for organizations that process personal data collected from European Union residents. The EU’s new General Data Protection Regulation (GDPR) is an unprecedented challenge for everybody who collects, stores and analyzes the data belonging to EU residents.

Gustav Poola, senior technology analyst at Nortal, believes GDPR compliance has to be approached from a risk management point of view.

“Companies need to establish a good risk-management culture in order to mitigate risks by falsely processing data,” Poola told conference audiences last week. “GDPR puts pressure on an organization’s leadership to rethink their current business models.”

Poola was speaking to an international community of data protection and privacy experts at the high-level E-volution of Data Protection conference. He explained that GDPR sets new rules, making the business environment harsher, as in many cases old business models and processes do not respect the new regulation. This means these old ways can no longer be used. The costs of becoming compliant with the new regulation may be as high as 10 million euros.

“The good news is, you can turn these costs into an investment that helps you generate new business,” Poola said. “Generally, challenges also mean opportunities for new and disruptive innovations.”

Looking at this challenge from a risk management perspective is important, as GDPR is not only about data, data governance or hefty fines for not being careful enough when collecting, storing and processing people’s personal information.

“Decision makers should understand that when fines are delivered, it is not the IT or the legal department who gets the blame for failing to comply with the regulation,” Poola explained. “It is the company as an entity that will be held responsible for putting people’s data at risk.”

A Gartner analysis predicts that less than 50% of the companies affected by GDPR will be compliant by the end of next year. This means the EU has the right to penalize these companies with fines of up to 20 million euros or 4% of a company’s annual global turnover — whichever is bigger.

If the prospect of being on the receiving end of a 20 million euro fine does not seem appealing, we suggest you act today. Read how to turn your compliance costs into an investment and keep your competitive edge.

Gustav Poola, Senior Technology Analyst at Nortal, focuses on maximizing the impact of joining trust technologies with informational concepts in the new digital era. He has more than 20 years of experience in the embedded technologies industry. Poola is more than happy to advise you on how to become GDPR compliant; please get in touch with him via email.