• by Juha Karonen , Op-Ed Contributor, September 15, 2017

The acronym GDPR is now on everyone’s lips -- and when mentioned, raises a sense of dread in us. Nevertheless, the EU’s General Data Protection Regulation (GDPR), which will come into force in May 2018, is not as scary as it seems. In fact, it’s possible to turn it into an advantage -- and with just reasonable effort, if you know what to do. 

This new privacy policy reinforces the rights of the individual and increases the responsibilities of companies that collect any personal data. 

In practice, this means that in the future, an individual must always consent to the collection of personal data. In addition, companies are only allowed to collect and use data for an acceptable reason. Violation of the regulation is subject to severe financial penalty. 

The fear of fines and a lack of expertise have led many companies to a decision to destroy all previously collected data and refrain from collecting any kind of data in the future. 

However, this is not the only option, nor is it the recommended one. Depending on the industry and the size of the company, it is possible to cope with the change fairly easily and at a reasonable cost. After all, customer data is crucial for business operations and targeted marketing. 

What kind of changes will the new regulation require? 

In the future, the user must always consent to the processing of personal data for digital advertising and marketing purposes. A cookie notification with an OK button is no longer sufficient, and the consent clause should be clear and understandable. 

In addition, there must be an acceptable reason for the collection of data, and the retention time must be defined. Finally, the company must ensure that it saves the data correctly, uses it correctly and removes it properly. Therefore, the change is all about defining processes and updating information systems. 

Technical solutions are simple 

It may seem that the requirements of the new regulation mean a major investment in technology. This is not the case, however, since it is possible to manage with only minor changes to existing systems. The larger task is to go through the data, mapping out what changes need to be made and to define processes. In practice, the changes will consist of updates to existing forms, databases, privacy clauses and so on. 

A partner is needed to implement the change 

At this moment, in many companies experts are sitting around the meeting table and wondering what to do with the new GDPR. At the same time, equally as many companies are not preparing at all, and may not even be aware that the new regulation applies to them as well. Since most companies collect some kind of data -- customer data, employee data or both -- the regulation applies to all companies. However, very few companies have the legal and technical expertise required for implementing the change, so a professional partner is always required. 

It is worth paying attention to the choice of the partner, because the implementer of the change and the future data processor must have the necessary expertise. This is required by the new regulation, so companies (i.e., data controllers) are accordingly obliged to use data processors that have sufficient guarantees of expertise and resources. 

Close collaboration between the data controller and the data processor is essential. Together, partners should go through all customer data, make necessary changes to the systems and define processes. By choosing an experienced partner, pitfalls can be avoided and the change can be implemented as efficiently as possible. 

Preparations for the regulation can be quick and easy 

Preparing for the new regulation may sound like a laborious and costly project, but potentially, it might take only a few days. This applies particularly to small organizations with only little customer data. You just have to go through the data, define the processes and make the necessary changes to forms, databases and privacy clauses. For large companies that collect a lot of personal -- and even sensitive -- data, the project is, of course, bigger and more expensive, but with a competent partner it can also be implemented as effectively as possible. 

Data isn’t to be feared, but something that can and should be collected! 

The solution is not to remove all existing data and to stop collecting new data, but quite the opposite. The new regulation should be seen as an opportunity, as it will make it possible to utilize customer data more efficiently and innovatively. 

The new regulation doesn’t mean that you have to throw perfectly good data away; you just need to make sure that afterwards you only have good and usable data left.