It’s beyond debate that data is one of a company’s most valuable resources. The total revenue from online advertising in 2014, for example, reached US $49.5 billion, the majority of which is based on users’ personal and demographic information to show more relevant messages. The direction of travel since then has only been in one direction.
The European Union’s new law, the General Data Protection Regulation (GDPR), focuses on controlling the use of individual persons’ private information and ensuring that it can be protected. If your company violates the regulation, you could face penalties of as much as 4% of your annual global revenue or €20 million, depending on the details and severity of the violation.
To avoid incurring substantial fines, businesses need to plan well in advance on how to deal with the requirements of GDPR. Although the details may vary from one organization to the next, the roles and perspectives listed below are some of the most important for your company to take into account.
CEO and board of directors.
These people will mainly be interested in GDPR’s impact on their business processes. This means performing a top-to-bottom review of the relevant personal data that you handle.
CEOs and the board of directors may also want to understand the cost-effectiveness of their data strategy. Are you collecting and access more personal data than necessary? If so, check into reducing this amount. Continuing to accumulate silos of unused and potentially toxic data increases the need for encryption, and therefore will require more investment.