Are you a risk taker or are you the belt and braces type? There is no doubt that as the GDPR deadline draws closer, it’s front of mind daily. But a recent survey reveals that not everyone is operating in panic mode and two distinct factions have formed – those GCs who are getting on with it and are nearing full compliance already, and those who are taking the risk and waiting to see how the data privacy laws will be implemented.
FTI Consulting Inc.’s 2018 Advice from Counsel Survey canvassed to 30 in-house lawyers at Fortune 1000 corporations and found around 80 percent of respondents’ companies will be impacted by GDPR. But while some of those respondents are preparing to adhere to the legislation as soon as possible, others are waiting to see how the rules will be enforced before overhauling their data storage or IT strategies. But given the heavy fines that could be imposed, that is a significant risk to take.
And yet, while having no strategy in place is unadvisable, there is something to be said for taking the time to fully consider your GDPR strategy before implementation. The deadline is approaching, but early compliance doesn’t mean completed with all the boxes ticked. It means having a demonstrable plan in place and being seen to be executing on it. So instead of rushing for compliance and doing the bare minimum so you can reassure the board that your organisation is legally sound, take GDPR as an opportunity to consider your documentation and data strategy.
GDPR centres on keeping the personal data of all EU citizens safe, so regardless of where an organisation is operating, if it handles any information on a person within the EU, then that data must be kept safe. This means organisations must have the permission of the user for the data to be processed, it must be kept secure and, if the citizen so wishes, deleted completely. Companies who fail to comply risk huge fines. The challenge for most organisations is locating and changing every single contract and document. Updating privacy clauses and managing the process across your organisation is not only time consuming, but will require significant resource. And while your instinct might be to just get compliant at any cost as quickly as possible, taking the time to rethink how your department (and wider organisation) uses data, what information is digitised and where that information is kept could mean more thorough compliance and a better use of the investment your organisation had already made in GDPR.
One study from the International Association of Privacy Professionals and EY revealed that Fortune 500 companies will spend a combined $7.8bn on getting compliant – a staggering $16m each on average. And while your organisation might not be spending anywhere near that amount, it is taking time, money and resource to achieve GDPR compliance, and that’s an investment which could be working much harder than just achieving the bare minimum.
To make the most of your investment, get your data to work harder for you. By digitising your contracts and using that data to drive deeper insights, you can help your organisation make commercial predictions and decisions. This means you are driving more value from GDPR than just going through the motions. The effort and time that compliance devours could be of much greater use to your organisation, not just in terms of having all your legal data centrally managed and searchable, but driving greater commercial gain and adding to the bottom line.
By improving your contract management and having your digitised data in one place, it gives you the added benefit of having the answers to questions, such as whether you are overpaying some of your suppliers, or what terms and conditions are out of date. All of which help reduce risk throughout the organisation and improve business performance. So, while GDPR might be a constant thorn in your side, it also might be the catalyst you needed to be proactive when it comes to the state of your data and to start seeing the benefits that contract and data management can offer. Think about it.