GDPR: are companies ready?

2 months before the implementation of the General Data Protection Regulation, companies’ situation vary. For some of them, communication around it can be blurry: we notice a lot companies trying to gather more information about it, but facing general, broad and confusing communication. At the end of 2017, more than 90% of companies were not really aware of GDPR! Others, on the other hand, have a more opportunistic approach to it and consider it as a potential new market. Each company needs to do a check-up on its relationship to data. The implementation of GDPR-compliance processes must be part of a personalized procedure, in which communication is adapted regarding the company, with real dedicated dialogue sessions. The goal is for the companies to really understand the impacts of this regulation on their businesses and to be able to decide which actions to take for that matter.

We are going to release on Thursday March 15th a course entirely dedicated to GDPR, to understand it, be well prepared and set up the adapted processes. This course has been co-edited with James Nauffray, founder of TechAgency, a European consulting agency which field of expertise is entirely data-driven. On this matter, Coorpacademy has chosen James as its Data Protection Officer (DPO)!

What are the first steps for the implementation of GDPR-compliant processes?

James Nauffray: Beforehand, the important thing is to be aware of it. There is an urgency of getting knowledge in a pragmatic, structured and company-focused way, taking into account its specificities. This type of dialogue must highlight the first indications on the level of exposure towards the regulation of the company, and allow the company to understand the real stakes and responsibilities GDPR will bring. If this is relevant for the company, it needs to name a pilot to lead the compliance actions, and sometimes gather an external team of experts around him/her to guide the GDPR-compliance actions. Then, a roadmap needs to be set up to map and evaluate personal data treatments, handle priorities and risks, (re)organize processes, follow the evolutions and set up a sustainable governance of personal data across all levels of the company.

We hear a lot about GDPR as a constraint, but what can companies win thanks to this new regulation?

J.N. : Actually, lots of things. Well-prepared companies will earn a virtuous governance of data which will impact all their departments, but they will also earn a better knowledge of their processes and treatments. The data lifecycle will result to be more sound, rational and the company will be considered as trusted digital third-party for its customers, partners and investors. To be conscious on how data is handled will empower all actors in the value chain, and they will as a result have a better knowledge of the data processes. Being recognized as a responsible and ethical data processor, you can find new opportunities related to a trustworthy digital third-party because data must before everything be a trust matter.