With less than 12 months to go until GDPR is enforceable, it is time to start looking at your customers, which services they subscribe to, and where you can help plug the gaps.
Begin speaking with your direct contacts within the business by asking whether GDPR has been discussed at a senior level and if so, has a Data Protection Officer been appointed, as it may well be your contact.
What should you be talking to your customers about?
Below is a list of questions you should think about asking your customers. These questions are built around the key areas of GDPR, and we think this is a good foundation for you to begin the conversation. Now is the time to be proactive with your customers, get in touch, discuss GDPR and what the top considerations are for them for May 25, 2018.
- Are you aware that the definitions of “Personal Data” and “Sensitive Data” have been expanded under GDPR?
- How is your organisation encrypting and protecting personal data, as this will be mandatory?
- Has your organisation started conducting data audits across departments?
- How transparent is your process for gaining clear consent from individuals about their data?
- Is your business able to produce notifications to affected individuals and the relevant authorities within 72 hours of any data breach occurring?
- Were you aware that significant changes in regulatory oversight of data protection will mean your assigned data processors will now have direct obligations under GDPR?
- How are you currently avoiding the aggregation of an individual's data as this could lead to their identification (Pseudonymisation).
- How are you handling an individual's enhanced rights, which include the right to be forgotten, data portability, and automated decision-making objection?
- Were you aware that your appointed data controller will have accountability for the data within their supply chain and for demonstrating compliance through design?
- As clear consent is required for the use of a child’s personal data if they are under 16, how are you capturing parental consent?
Main threats to your business — what you need to know!
While you're starting to talk to customers about GDPR, there are also a number of things you need to be aware of — for your own business — when it comes to GDPR and how you operate and provide services to your customers. There are threats that can affect your business, but there are opportunities, too.
You need to be aware that by not concentrating your efforts on GDPR, you could be losing business and end up seeing your customers and prospects choosing your competitors over you. Let's look at two important revenue threats and how you should respond:
Threat: Procurement scrutiny and non-inclusion in tenders and RFPs
Reponse: Positioning yourself as a trusted partner with knowledge of GDPR will encourage customers to select you as part of their ongoing tendering and procurement processes. If you cannot demonstrate expertise and compliancy in GDPR, it is entirely possible that you could be excluded from future tendering opportunities.
Threat: Non-compliance objections from existing/previous customers, which could lead to loss of customers/prospects to compliant competitors
Response: GDPR expertise will position you strongly in front of your existing customers. Expanding your expert knowledge and helping your customers to be compliant will make the choice easy for them. If, however you fail to become further educated as an expert in GDPR compliance, it is possible that you could lose opportunities to more knowledgeable competitors.
As a business too, there is every chance you might be holding customer data so this affects you as well. Even if GDPR doesn't affect you directly, you should know and pass the information onto your customers, and the direct financial costs could be huge. Here’s a short guide:
- Regulatory fines for non-compliancy could be up to either €20m or 4 percent of annual worldwide turnover.
- If you are subject to a claim, this could affect your insurance premiums, leading to higher insurance premiums in the future for non-compliance.
- If you are found to be negligent in any way in your advice then your customers could make compensation claims against you.
With changes comes great opportunity
It’s not all doom and gloom. Yes, there are threats, but there are also considerable opportunities for you and your IT services business. If you enable yourself with new knowledge and can be considered a trusted expert among your prospects and customers, you can benefit greatly. Here’s how:
- As your own business becomes compliant and you start to be seen as experts in the field of GDPR, you have a wonderful new marketing opportunity across email, social, blogs, and your company website to position yourself as ‘go-to’ experts.
- You can further promote any core GDPR services where you can specifically help your customers become compliant, such as audits, gap analysis, training, and consultancy.
- There could be opportunities for new partnerships with businesses that can fill any gaps in your portfolio or expertise — and where you can provide for them too.
- Mapping vendor solutions to specific areas of GDPR and increasing your solutions portfolio to offer greater coverage to customers provides you with:
- Better service/solution offerings for your customers and prospects
- More opportunity to market your business
So, how much of this is clear for you? Are you ready to get out there and start telling your customers about GDPR? If not, make sure you speak to us before you speak to your customers. We can help!