The threats in getting it wrong are well publicised, the opportunities less so. I’m probably not the only person to notice that this weekend appeared to mark the start, in earnest, of media communications to the general public on their rights under GDPR.
I predict this train will gather speed as we accelerate towards the compliance deadline of 25th May 2018.
Whilst it’s not all about “consumers” (it protects the privacy rights of all individuals, staff, patients, donors etc), it does seem likely that with awareness will come greater expectations for organisations to demonstrate they are getting it right. The consequences of getting it wrong will be consumers opting for more trusted alternatives.
A recent study conducted for the UK Department for Culture, Media, and Sport by London Economics, a leading specialist economics and policy consultancy, showed the importance placed on trust when considering the benefits of GDPR.
In response, of the data protection professionals surveyed for the report:
“Only 21 of the 250… predict that the package of rights to data portability, erasure and access will increase their profitability.
It is noteworthy that the in-depth interviews revealed a lack of imagination and preparedness in terms of the more far-reaching impacts of GDPR, especially second-order effects such as the emergence of new data-centric business models and privacy & data protection as a competitive advantage.”
Make no mistake, with consumer awareness in privacy rights set to grow, there is a big opportunity for those that get it right to gain market share from those that don’t.
The value (and the threats) of personally identifiable information continue to grow, consumer awareness of the risks and the law continue to grow.
But, in the data war, an information security management system is your armour, a data privacy culture is your sword, and only the fittest will survive.
ISMS.online is an ISO 27001, UKAS accredited, platform for describing and demonstrating your information security management system.
You can use it as the simplest and fastest way to achieve your own certification or simply to help you meet GDPR requirements and practice the necessary work processes.
In addition, staff communications groups, HR frameworks, and a place to build out your training and awareness materials will help you develop your information security and data privacy culture.
Consumer trust is one of the Holy Grail’s for most responsible organisations, who can also equate that to profit.
We’ve now seen the importance that customers place on data privacy issues, but with no GDPR ‘certification’ available in the foreseeable future, how can an organisation offer assurances?
Certainly by handling any security incidents or events quickly and responsibly, as well as responding to Subject Access Requests in a compliant fashion that doesn’t lead to regulatory investigations or fines.
But it is more than just compliance. It is about demonstrating a commitment to keeping their information secure.
This can be achieved with a good privacy notice or email sign up, but also with an information security certification.
The latter, however, is often one of the first clear indicators a new customer will have that your organisation has the correct policies and procedures in place to protect them.
ISO is an internationally recognised ‘best practice’ set of standards and ISO 27001 covers the management of information security. It includes policies and processes for managing risk and incidents, as required by GDPR, and much more to demonstrate effective information security management.
Displaying the respected UKAS accredited ISO 27001 certification gives credibility and confidence.
A tailored hands-on session based on your needs and goals
