In its new whitepaper, BDO calls on enterprises to replace box ticking with P&L (profit and loss) thinking when it comes to GDPR. BDO demonstrates how mature information security and data privacy programmes can enhance the professionalism of a company’s employees and reinforce an organisation’s public reputation. It also recalls that ‘bad’ data is estimated to cause a loss of income of between 15% and 25% for most companies.
Organisations still do not have the processes to assess cyber risk and its business impact. While 79% of public company boards are more involved with cyber security now than they were 12 months ago, 23% of corporate directors still do not even know if they have a cyber breach/incident response plan in place. Only half (52%) of organisations are set up for regular cyber security risk assessments, and no more than 40% of organisations are able to assess vendor risk.
Article 32 of GDPR (‘security requirements’) requires organisations to be more structured and formal in their protection of personal information. The investments and resource allocations that this demands will see organisations end up with streamlined performance and reduced data management costs – essentially a lean data revolution, meaning:
Companies preparing for GDPR should think beyond penalty avoidance. GDPR is a springboard, a process in which companies transform and build a stronger foundation for both execution and strategy. Enterprises should expect to lower the cost of infrastructure and operations and to unlock information to support business decisions.
A clear picture of data flows provides insight for improvement: safer, more efficient and less costly operations. We will see that GDPR preparations lay the foundation for an organisation’s digital future, identifying new growth opportunities, through not big data but lean data.