GDPR and the C-Suite – What Do Executives Need to Know About GDPR
GDPR is likely to provide real growth opportunities for some businesses, and real challenges and problems for others.
As the deadline to become GDPR compliant approaches, businesses haven’t got long to ensure all their business operations and processes comply with this new data regulation. GDPR promises to make vast changes in the way businesses capture, manage, process and distribute personal data and will impact all organisations operating within the EU or doing business with EU citizens.
Here at Edward Drummond, we work closely with top-level executives and clients who are looking to ensure growth and prosperity in the marketplace. We thought we would highlight some key factors regarding GDPR that every executive and board member should know about this new regulation to make sure they are up to speed with how their business needs to adapt.
Although GDPR isn’t something that businesses are going to associate with revenue generation or maximising shareholder returns, it does signify a shift in the relationship between businesses and customers. As a result, it’s something worth fully understanding and something that may be the first of many changes and regulations put in place to shadow rapid advances and uses of digital technology.
To check you are GDPR compliant, you may need to seek accredited advice from a specialist firm.
What is GDPR?
GDPR (General Data Protection Regulation) is focused on protecting the privacy of EU citizens. The regulation aims to ensure businesses instil processes and procedures that don’t risk the exploitation of personal information. It will come into effect on 25th May 2018 and replaces the Data Protection Act 1998. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. Potential fines for not complying with the regulation can be 4% of total global revenue or €20 million, whichever is higher.
The aim of GDPR is to empower EU citizens and give them greater control over how businesses store, use and manage their personal data. It should also make it simpler and clearer for compliance across the single market.
GDPR can be a catalyst for creating more transparent and visible business operations. Businesses that either don’t fully understand how they are processing data, or that know they are mishandling data, will be forced to change. This is a huge benefit for everyone, as it encourages businesses that value and respect their customers’ data to thrive, while businesses that are less transparent and unclear about the handling of customer data are vulnerable to new fines and clampdowns.
If there is any part of your business that handles any form of personal information, then it should be simple and clear to explain. Any confusion or complication around this type of data is a sign that a business isn’t prepared to be GDPR compliant.
What Counts as Personal Data for GDPR?
With regard to what constitutes personal data, any business processing the following should look to meet GDPR standards:
- Identifiable data, such as name/address
- Web activity, such as IP, cookie data
- Health and genetic data
- Sensitive data
GDPR Key Terminology
There are 2 key areas that relate to the handling of data for GDPR, “controllers” and “processors.” A “controller” is a party that collects the data and should state how and why the personal data will be processed and used. A “processor” is a party that does the processing of the data.
More often than not, a “processor” is likely to be a dedicated IT team, agency, software or related type of service that is handling the data, while the “controller” could be any type of business.
Another term frequently used is “privacy by design.” This simply refers to systems and processes that incorporate privacy into their fundamental core, as opposed to treating it as an afterthought.
Consent and Purpose
There should be very explicit and clear consent from a user that they understand how a business will use their data and agree to this. Pre-ticked, passive or assumed agreement is not an acceptable form of consent. There should also be a clear purpose and specific reason for collecting that data.
Users must also be able to withdraw consent at any time.
Tackling Challenges with Top Talent
Whether your business is looking for new talent in the wake of GDPR, or other changes in the marketplace, we’re here to help. Edward Drummond is a leading executive search firm with a proven track record of helping organisations overcome challenges and meet growth potential through hiring the very top talent in your market.
We set high standards and specifications that correspond to the needs of each client, not to the ease with which we think we can find the person that matches them. Well-connected, with more than 80 years of specialist executive search experience, we have strong relationships with industry and regulatory bodies. Our innovative methodologies and source-led research techniques keep our fingers on the pulse and our recommendations right up to date.
In light of changing regulations, advances in technology and growing global connections, the need to acquire top candidates who can make a difference for your business is vital. To discover how you could benefit from the very best talent, please don’t hesitate to get in touch.