5 Surprising Side Benefits of GDPR Compliance
Organizations have done a lot of work to attain compliance with the EU General Data Protection Regulation (GDPR), which took effect on May 25. The regulation affects organizations based in the EU, as well as any organizations, government agencies and companies that collect or use personal data tied to EU residents. In today’s digital, global economy, those criteria apply to more organizations than not.
Now that the deadline has come and gone, the hard work of establishing compliance is over and the harder work of maintaining compliance has just begun. The good news is that your customers can leverage the results of this work in many ways.
Here are five surprising side benefits of GDPR compliance:
1. Tightened security
The GDPR requires that organizations implement an appropriate level of security—at both the technical and organizational level—to prevent data loss, information leaks and other unauthorized data processing operations. There is no one platform for ensuring data loss prevention, of course; rather, it requires a dynamic combination of people, processes and products. What GDPR has done, even for companies that have had strong security in place all along, is push a discussion among business and IT staff about the data that needs to be protected, where it resides and what’s currently in place to safeguard it. Companies are also using GDPR as a jumping-off point to discuss future goals and anticipated requirements, and how security will need to be expanded, extended and/or changed to ensure continued data protection.
2. Greater security awareness
One of the main tenets of GDPR is that individuals should have greater control over, and ownership of, their data. GDPR also affords individuals extended protection rights, including, in some cases, the right to data portability and the right to erasure. Before the announcement of GDPR, many people were likely unaware that their data needed protection—or that personal data was being collected at all. Companies, meanwhile, may have had a relatively loose interpretation of data protection and individuals’ data protection rights. GDPR certainly forces companies to expand security awareness, but it has also elevated the issue among end users. And greater security awareness benefits everyone.
3. Leaner security practice
Organizations most certainly have had to spend time and money to come into compliance with GDPR, but the work that they have done to document and maintain records of their security practices, audit the effectiveness of security programs, and close any gaps has in many cases resulted in a leaner, more efficient security program. This work will also strengthen organizations’ disaster recovery and business continuity plans.
4. More level data-breach playing field
Any organization that suffers a data breach should inform its partners and customers. However, data breach notification is sometimes a best practice, sometimes a regulatory or statutory requirement, and sometimes a contractual obligation. We’ve seen all too many instances of a company withholding information about a data breach for days, weeks or even many months after the event. This is bad for customers of companies that don’t do the right thing, but it’s also bad for companies that do: They are effectively penalized (through lost trust, fines, etc.) for being upfront, while organizations that withhold information skirt by (for the short term, at least). GDPR includes specific requirements about when and how a data breach must be reported to affected parties. Of course, GDPR does not apply to every organization that deals in personal data, and it certainly doesn’t displace the different member state and other requirements that are still on the books. However, because of its reach—and, potentially, its influence—GDPR does go some way toward leveling the playing field.
5. Deeper trust
We tend to assume that everyone is comfortable working, shopping and conducting all manner of information-baring tasks online, but that’s not the case. There’s still a level of distrust among consumers (and many businesses), and those feelings are not necessarily misplaced. GDPR—and the regulations like it that are almost sure to come—helps to engender trust by clearly articulating data protection issues and what must be done to address them. This could result in more business being done online, which could result in reduced costs for businesses, which could result in an expansion of services, and so on, and so on.
Indeed, compliance with GDPR is just the beginning.
This guest blog is part of a Channel Futures sponsorship.