We’re now well into the GDPR era. Is your company GDPR compliant? If so, congratulations! You’ve conquered what can be a daunting (and costly) process for companies that handle the personally identifiable information (PII) of European Union (EU) residents. If not, you can at least take some solace in the fact that you are not alone. Nearly 40% of organizations report they are not yet fully GDPR compliant. There are two different ways to look at it: is GDPR a headache or an opportunity?
Approach 1: It’s a headache. Some companies view GDPR as a necessary evil that eats up money, time and resources; a sunk cost of doing business in the EU and a means to avoid fines of up to 4 percent of global revenue or €25 million. And no one can deny that GDPR compliance is costly to implement. According to a PWC Survey, 68 percent of U.S.-based companies expect to spend $1 million to $10 million on compliance.
Approach 2: It’s an opportunity. At the same time, forward-thinking companies can approach GDPR as a competitive advantage.
The GDPR competitive advantage is long-term
Your compliance is a positive decision-making factor for the many consumers who are troubled by the avalanche of stolen personal data—and shifting their buying behavior accordingly. Consider the findings from one recent study of 7,500 consumers in the EU and the US:
- 62 percent of respondents would blame the company, not the hacker, for their lost data.
- 72 percent of respondents would boycott a company that appeared to disregard the protection of their data.
- 50 percent of all respondents would be more likely to shop at a company that could prove it takes data protection seriously.
Being GDPR-compliant is proof that a company values data privacy. This is a boost to consumer confidence—a long-term competitive advantage that can more than offset compliance costs. And your customers will know. They will look for the telltale signs of GDPR—the opt-in browser message, the consent questions and updated policy notifications—to tell if your organization is in compliance.
Leverage GDPR to take control of data assets
In addition to increasing consumer confidence, companies can further leverage their GDPR competitive advantage by approaching it as an opportunity to gain better control of valuable data assets by:
- Developing a deeper understanding of where your highest-priority data assets lie.
- Exploring new data processes, such as more efficient ways to process customer data.
- Identifying ways to reduce data-related costs such as data storage.
- Designing and implementing a security infrastructure that reflects industry best practices.
Multi-factor authentication helps keep you at the top
How can organizations keep their GDPR competitive advantage? Success rides on long-term, continuous efforts to reduce the reputational and financial risks of a data breach.
For example, two key factors that GDPR regulators will use to assess fines include (1) how users are authenticated and (2) how users gain access to personal data.
With this in mind, businesses should deploy a strong authentication solution that provides users with access to only the data they need, where and when they need it. In addition, authentication solutions should not detract from user productivity or be a hassle to administer—look for solutions that make it simple to accurately provision and de-provision access.
The Verizon 2018 Data Breach Investigations Report suggests the best authentication method is next-generation multi-factor authentication (MFA). One example is our own DigitalPersona® composite authentication solution, which offers a broad range of identification factors (biometric, behavioral, risk-based, contextual) to reduce dependencies on user-selected passwords.
Maintaining GDPR compliance is a global priority that requires solutions from global-minded businesses like Crossmatch. See how we’re helping organizations of all sizes and in all industries meet a wide range of security, convenience and compliance challenges.
Jeff Carpenter is Director of Identity and Access Management solutions at Crossmatch. In this role, he is responsible for evangelizing Crossmatch’s DigitalPersona® solution. In his 10+ years in cybersecurity, Jeff has held positions with a number of top-tier cybersecurity and technology companies; most recently, he was with RSA, a Dell Technologies company. Jeff earned a Bachelor of Science degree in Business Administration from Creighton University in Omaha, Nebraska. He holds both a Certified Information Systems Security Professional (CISSP) and a Certified Cloud Security Professional (CCSP) designation.