Achieving GDPR Compliance: The Spark That Will Light a Fire of Change
It is said that innovation and creativity best flourish under pressure and constraint. Think about what the engineers and flight controllers had to do during the Apollo 13 moon mission after an explosion on the vessel. They were constrained by time, fuel, air and many other factors. They had to do things that had never been done before to save the lives of the astronauts.
Another example is the movie “Jaws.” The mechanical sharks used for the movie were extremely problematic, so director Stephen Spielberg changed the way he made the movie, using the shark only sparingly to create a more dramatic impact. Arguably, this actually created a better movie.
As a final example, American musician Jack White has said that it is essential for him to use things like self-imposed tight deadlines to force his creative hand. He said that having all the money, time or colors in the palette ultimately kills creativity.
The process of complying with General Data Protection Regulation (GDPR) could present organizations with this same type of unexpected opportunity. IBM Security and the IBM Institute for Business Value wanted to understand if there was a group of organizations that was using their GDPR preparations as an opportunity to transform how they were approaching security and privacy; data and analytics; and customer relationships. Were organizations turning this compliance challenge into an impetus for broader transformation?
To answer this question, we surveyed 1,500 GDPR leaders — such as chief privacy officers (CPOs), chief data officers (CDOs), general counsels, chief information security officers (CISOs) and data protection officers — representing 15 industries in 34 countries between February and April 2018. We wanted to capture their practices and opinions as close to the May 25 GDPR compliance deadline as possible.
The results of that research are captured in the new report, The End of the Beginning: Unleashing the Transformational Power of GDPR.
Common GDPR Compliance Challenges
During the last couple years as organizations have been preparing for GDPR, they have been tested by both the effort involved and the cost of compliance. Organizations have been busy changing processes and developing new ones; creating new roles and building new relationships; training employees; and deploying new tools and technologies. Hopefully, all this can be leveraged for more than just compliance.
IBM’s CPO, Cristina Cabella, agrees. She has said, “In the market, I see GDPR as a great opportunity to make this culture shift and make privacy more understandable and more leveraged as an opportunity to improve the way we protect data, rather than be perceived as a very niche area that is only for technical experts … So, I think it is a great opportunity in that sense.”
The first thing we found was that many organizations still have a lot of work to do before they can achieve full GDPR compliance, even at this late a date. Only 36 percent of surveyed executives say they will be fully compliant with GDPR by the enforcement date and nearly 20 percent told us that they had not started their preparations yet, but planned to before the May deadline. Organizations could be waiting because of a lack of commitment from organizational leadership — or they are willing to risk taking a wait-and-see approach to see how enforcement works.
Using GDPR Compliance as an Opportunity for Innovation
And yet there was some good news in our respondents’ views of GDPR. The majority held a positive view on the potential of the regulation and what it could do for their organizations. Thirty-nine percent saw GDPR as a chance a transform their security, privacy and data management efforts, and 20 percent said it could be a catalyst for new data-led business models. This is evidence that organizations may see GDPR as a means to improve their organizations in the longer term by enabling a stronger overall digital strategy, better security, closer customer relationships, improved efficiency through streamlined data management and increased competitive differentiation.
In our research, we identified a group of leaders who met a specific set of criteria and see GDPR as a spark for change. Among other insights, we found that:
- Eighty-three percent of GDPR leaders see security and privacy as key business differentiators.
- Nearly three times more GDPR leaders than other surveyed executives believe that GDPR will create new opportunities for data-led business models and data monetization.
- Ninety-one percent of GDPR leaders agree that GDPR will enable more trusted relationships and new business opportunities.
We have crossed a threshold and entered a new era for data, security, privacy and digital customer interactions. While many organization may not have completed all GDPR compliance activities yet, it is vital for organizations large and small to ask themselves how GDPR can help position them for long-term success by unlocking new opportunities and unleashing their creativity.
To learn more about how organizations are using GDPR to drive transformation, please register for the May 22 live webinar, The Transformative Power of GDPR for People and Business, and download the complete IBV study.