To gain an insight into how the EU General Data Protection Regulation (GDPR) is going to affect the UK’s digital businesses, Future Fifty partnered with FTI Consulting and Osborne Clarke to run a panel discussion on Unpicking Data Opportunities and Navigating GDPR. We heard from Dr Stephen Page (Non-Executive Director at BSI Group), Nick Johnson (Partner at Osborne Clarke), Mayur Pitamber (Product Marketing Manager at Mimecast), and Paul Prior (Managing Director at FTI Consulting). Here’s what we learnt.

GDPR will give EU citizens better control, security and freedom over their personal data, and the legislation will change how companies approach information security, data privacy and governance. This is the first change in regulation since 1995, when the digital world was very different. Here’s what you need to know:


Data breaches do not just involve potentially large fines, settlement and legal costs. They also damage a company’s reputation and valuation. Yahoo, whose two data breaches together affected over 1.5 billion accounts, saw its sale price decrease by $350 million. It took them 3 years to realise their first data breach had happened, not 72 hours.

We heard interesting points from all panellists, who answered some challenging questions from the audience. We have summarised the key points below.

What you need to be thinking about

  • Have a clear understanding of what personal data consists of. You need to know how you’re processing, managing and storing personal data, as well as how to dispose of end-of-life data.
  • Develop company-wide awareness. The implementation of GDPR will affect everyone in your organisation, from the board down.
  • Recognise the Board’s role in the implementation of GDPR. The board members must be able to fully appreciate the scope and opportunities of GDPR in order to understand the resources needed to transform how the organisation handles personal data. They must also be able to sympathise with the way things are changing and approach GDPR in the same way they look at the supply chain.
  • Hire a Data Protection Officer. Depending on the size of your organisation and how big a part of your business data represents, you may need to hire a Data Protection Officer to drive compliance internally. It is estimated that 28,000 Data Protection Officers will be hired across Europe. The skills you should be looking for in your Data Protection Officer:
    • Expert knowledge
    • Thick-skinned
    • Able to be both the voice of the customer and the company
    • Persuasion skills
    • Ability to influence, and say ‘no’

Implementation Process

May 2018 might seem far away, but in order to be compliant you have some potentially time-consuming steps ahead. Below is a sample timeline:


Opportunities of GDPR

GDPR should not just be about hackers; it’s also about how companies and their employees are accessing and using information. The GDPR legislation will affect all companies that handle EU citizens’ data, regardless of Brexit. Data strategies and capabilities will need to be reviewed to comply with GDPR; innovative businesses should take the opportunity to look at how they can capitalise on and develop data assets.

This brings a number of opportunities:

  1. Use privacy as a competitive advantage – Develop transparency and trust with your customers by engaging and communicating with them on the issue and demonstrate that their data is being held securely.
  2. Improve your operating model by looking inwards at your data.
  3. Hire a Data Protection Officer who can innovate – As we heard during the session, a number of companies that have data as an integral part of their business are hiring a Data Protection Officer who can at the same time be their Head of Innovation.
  4. Develop richer products and services by allowing the execs and board members to understand the scope and opportunities of GDPR.
  5. Clean up your databases – you might, like Yahoo, be storing data which you’re not even aware of.

The GDPR legislation is forcing businesses to look at their data strategy. If done properly, this will optimise the value of the data your company holds.

For more information on GDPR, read FTI Consulting’s guide, ‘A pragmatic approach to implementation’, or visit FTI Communications.

Key contacts:

Charles Palmer, Global Head of TMT

FTI Consulting

T: +44 20 3727 1400

Nick Johnson, Partner

Osborne Clarke

T: +44 20 7105 7080