A new report published by IBM this week suggests the General Data Protection Rule (GDPR) being put into effect May 25 will ultimately transform how most organizations manage data.
The survey of 1,500 GDPR leaders, conducted by the IBM Institute for Business Value and Oxford Economics, finds that while only 36 percent of respondents expect to be fully compliant with GDPR in time to meet the EU deadline, most are moving to unify their data management practices as part of an effort to both streamline operations and derive more business value from the data they collect.
A full 80 percent say they are reducing the amount of personal data they collect, and 78 percent say they are reducing the number of people who have access to that personal data. Another 70 percent say they are disposing of data that is no longer needed.
The biggest single GDPR challenge (79 percent) cited was performing data discovery and ensuring data accuracy.
Transformational opportunities
But, arguably the most interesting aspect of the report from a managed service provider perspective is that 59 percent of respondents see GDPR as an occasion for transformation or an opportunity to drive new data-led business models. Just under a quarter (22 percent) said they view GDPR compliance as a transformational business opportunity. Among that 22 percent, 74 percent said they were designing new products and services to fully implement security and privacy. A total of 93 percent of that subset of respondents have modified their incident response processes as part of achieving GDPR compliance.
As more organizations get past the basics of achieving GDPR compliance, many of them are about to discover they have either deliberately or accidentally implemented processes that make it much simpler to leverage data as a true business asset. In the process of discovering what personal data they collect, it becomes more apparent how to use the data they collect to get closer to their customers. A full 96 percent of survey respondents said GDPR compliance will be viewed as a differentiator for the business. GDPR doesn’t require organizations to eliminate all the personal data they collect. Organizations just need to demonstrate they are able to manage that data and, when called upon, permanently delete it from their systems.
Looking beyond compliance
Failure to comply with those regulations might one day result in stiff penalties. But, many of the respondents to the IBM survey are betting there won’t be any significant fines levied starting May 25. Of course, the EU may decide to make examples of some organizations in the months ahead to provide a little extra GDPR compliance motivation.
GDPR naturally gets most of the attention these days when it comes to data security and privacy. But, similar regulations have already popped up all around the globe. Any organization that does business in more than three countries outside of the U.S. will probably encounter at least one of them.
Savvy MSPs, however, might want to shift the tenor of their GDPR conversations with customers away from merely achieving compliance to focus more on the benefits more streamlined data management processes will bring to the business well beyond May 25.