GDPR Still Challenging Internal Legal and Compliance Teams

Despite their positive intentions, legislators and regulators have posed major problems for corporate counsel by failing to foresee the enormity of the task of auditable compliance, both within the public and private sectors.

So if anything, as we approach two years, this is a timely opportunity to reflect on whether or not guidance from legal practitioners – in-house or external – has been capable of execution.

GDPR policy direction and regulatory enforcement 

If we look closely at several key GDPR principles such as the “right to be forgotten” and “purpose limitation”, they each require major investment not only in policy and process but also in technology. For example, the regulation effectively demands that organisations have complete visibility over all data stored, in any format and in any location. This involves near-real-time reporting and requires the ability to respond to a Subject Access Request in a month and to a data breach within 72 hours. This takes GDPR preparation below the level of providing a privacy policy and the accompanying DSAR request link on the company website.

Compliance: The story so far, the good and the not so good

In practical terms, the private sector has largely taken the GDPR seriously, providing direction on active and demonstrable consent to retail customers. Anecdotal evidence has also suggested that the “privacy by design” concept is being respected when it comes to integrating compliance features into new products and services. In one instance, a global UK-headquartered bank CDO has made sure that anonymisation is in place when analysing its Personal Data to improve its wealth management products and services.

Yet, surprisingly, large institutions, especially in the insurance and recruitment sectors, are still at a mid stage of data discovery. This includes identifying precisely where, and in what form and volume, Personal Data lies across their legacy data landscape. As a result, such discovery should be urged by legal counsel, along with a gap analysis on their processes and technology – at least to provide an in-flight road map for remediation.

Beyond sanctions: The business benefits of successful compliance

While defending against fines and reputational damage is undoubtedly front of mind for the private sector, there are several positive upsides to effective GDPR compliance – all worth the attention of legal practitioners.

  • Promoting GDPR compliance to improve operational efficiency

Deletion of unwarranted Personal Data retention has led two major UK insurers to proactively downsize the “dark data” they hold, representing on average in excess of 30 per cent of all information held by corporate. This has resulted in reduced back-up and data storage costs and, in turn, increased ROI. Simultaneously, they have effectively cleansed data in anticipation of executing digital transformation initiatives.

  • Using GDPR as a benchmark for better due diligence during M&A

This can be applied both from the point of view of a subsidiary sale, as well as the data discovery necessary on a subsidiary purchase.

  • Provisional linkage of data in all formats for revenue gains

By ensuring compliance, organisations have the ability not only to facilitate replies to a Subject Access Request, but also achieve greater goals from compliant data mining and value extraction – ultimately leading to enhanced revenues.

The GDPR ambiguity

For legal counsel, the GDPR has sparked a host of complex issues from both the regulatory enforcement and policy guidance side. However, for the perceptive, the regulation has, somewhat paradoxically, provided a key opportunity for executing key business goals and driving a competitive edge.

Legal counsel and internal compliance teams need a full 360 view of GDPR and need to promote the benefits of the regulation.

Start your 360 review today by booking a GDPR comprehensive gap analysis and remediation assessment and report.