Why GDPR is a good thing for businesses

Authored by Bernard Marr.
4 min read
Laptop with graph
With just a couple of months left until GDPR becomes enforceable, it’s important that businesses which deal with personal data are ready by now, explains our business expert Bernard Marr…

With the potential for huge fines – as well as potentially catastrophic loss of consumer trust – for anyone who gets it wrong, much that has been written about GDPR has painted it as a liability, from a business point of view.

In my view, though, this is the wrong way to think about it. GDPR actually offers businesses and organisations of any size huge opportunities. Here’s why…

Big data is driving advancements

Look at it like this – data is fast becoming the lifeblood of the digital economy. The vast increase in the amount of data out there – from social media posts, to internet browsing habits, to data generated by connected machines in the Internet of Things (external link) together with sophisticated new methods of analysing and crunching that information, is what we collectively know as ‘Big Data (external link)’.

Big Data is helping to achieve some amazing things – from personalised online shopping to advances in medicine that promise to create new treatments for killer diseases. And it isn’t just huge multinational corporations using it any more. Thanks to the ever-growing number of cloud-based, ‘as-a-service’ offerings, businesses of any size are now using Big Data analytics to discover new ways of offering what their customers really want.

GDPR will build trust from consumers

But we risk all of this failing if one essential ingredient isn’t sowed right through the process – trust.

GDPR has been designed with the general public’s interest at heart, right from the start. The idea is to give consumers – who are all of us – confidence that their data is treated correctly. In a world where more and more organisations are asking us to hand over our information in exchange for personally tailored services and greater convenience, it’s essential that this trust is there.

For a start this means we must explicitly give permission before companies can harvest and store our personal data – personal data being defined as any information which can be linked to a natural, specifically identifiable human being.

Different data regulations across territories have led to inconsistencies

There are good reasons that GDPR has been deemed necessary – until now, personal data gathering has been regulated by a loose assortment of laws that vary dramatically across different jurisdictions.

While not actually breaking any specific laws, businesses have been engaging in practices which many people would consider unethical when it comes to data gathering.

Why GDPR will remove ambiguity

GDPR removes a lot of the ambiguity around current data laws. If you are based in the EU or collect data of EU citizens, then you will have to:

  • get explicit permission from people who the data belongs to
  • be clear about what it is being used for
  • be ready to divulge what data is stored, and remove someone’s data if they say they no longer wish you to use it

The fact is, once people are confident that these protections are in place, then they will feel more comfortable about handing over their data in the first place. And in the long term, this will mean the type of ground-breaking data projects which really work, to drive growth and efficiency, will be all the more effective, right from the outset.

Fines for GDPR breaches are inevitable initially

It’s probably inevitable that there will be some large fines dished out soon after the grace period (GDPR has actually been written into law for nearly two years already) comes to an end. And hopefully this will only serve to let people know that, from now on, they can trust that there are tough regulations in place to crack down on the ‘cowboys’ who, until now, have found it quite easy to get away with large-scale, unregulated data harvesting.

GDPR really just encourages business to follow best practice which you really should be doing anyway, if you want to foster an environment of trust, in which your customers will be happy to share useful information about their lives with you.

On top of this, in my experience many organisations simply hold far too much data, which they are never going to use. All that retention cost money in terms of secure digital storage space, and causes liabilities. Reviewing and culling anything which doesn’t need to be kept is a great way of streamlining this aspect of your business.

It’s true that compliance may initially require some additional expense – in particular, the appointment of a chief data officer to oversee and respond to requests from the public. However, the benefits should quickly begin to outweigh this, once customers start to trust that their data is being properly protected.

At Hiscox, we want to help your small business thrive. Our blog has many articles you may find relevant and useful as your business grows. But these articles aren’t professional advice. So, to find out more on a subject we cover here, please seek professional assistance.

Bernard Marr

Keynote speaker and strategic advisor to companies and governments. Bernard is one of the world's most highly respected voices when it comes to data in business; LinkedIn have ranked him as one of the world's Top 5 Business Influencers. Marr is also the founder and CEO of Bernard Marr & Co, an independent think tank and consultancy organisation.