Tick the box on GDPR or go above and beyond?

Unsolicited use of personal data can cause great reputational damage. Some companies discover this the hard way. On top of that, new laws on data protection came into effect in May. How should a responsible company act?

By now, many organizations that store and use personal data have taken the necessary steps to ensure compliance with the EU’s General Data Protection Regulation (GDPR). For example, by updating their privacy statements and implementing solid internal processes. Other companies are on their way to GDPR-compliancy while others haven’t yet started. In recent research by software company Talend, only 35 percent of all companies in the EU responded to data requests as prescribed in the new regulation. Much-heard arguments for not initiating GDPR-projects are a lack of resources and a willingness to take a calculated risk to be fined at some point. This is understandable, as the authorities cannot audit everyone at once. Nevertheless, a risk is still a risk.

Misuse of personal data

The extensive use of personal data by big tech companies has certainly fuelled the backlash they now experience in the media and in the political arena. An example being the public outrage that followed the shameless manipulation by Cambridge Analytica of large demographic groups with personal data of Facebook users. It has become clear that unrestricted by law, misuse of personal data can have a destabilizing effect on societies. For this reason, a deeper appreciation of data protection and privacy as a human right has taken root in civil society and businesses alike.

GDPR-compliance is not a one-time effort. When you start your GDPR-journey as a company, you first have to get an overview of the data you have. Perhaps this will bring about the realization that you don’t need all these data. Often, there is a lot of obsolete and outdated data in different places that need structuring and cleaning up. One of the basic principles of GDPR is to prevent storing excessive amounts of personal data. For example, why store a home address when you only need an e-mail address or telephone number? Store only what you need

Many companies are aware of the necessity to be transparent about their data use, towards the very people of whom they collect it. But it’s just as important to create a culture around data privacy and protection within your own organization. Make sure that everybody understands the ‘why’ of it – it’s about the freedom and rights of people – and check this regularly using the processes that you have set up. Everybody is responsible, beginning with the CEO but certainly not ending there.

Commercial value?

Does GDPR-compliance have commercial value? Definitely. It’s in your best interest if your customers believe you are doing the ‘right thing’ by respecting their rights. After all, you can only build a sustainable enterprise on trust. Solid processes regarding the use of data also result in better quality data, that allows you to have a better overview of who your customers are. An obvious example is having the right contact information. Next to that, knowing where the data is that you are looking for, can dramatically improve the efficiency of the company processes.

There is commercial value in implementing and maintaining clear processes around GDPR. And there is also value in the trust you build with your customer. There is a risk if you don’t and that is to be fined by the supervising authorities and/or experiencing bad PR following a data breach. You have to balance these costs to the costs of doing things right. Do the math and the answer becomes clear very quickly.


Author: Patrick Tahiri, Security Compliance Manager.

Patrick Tahiri has a background from IT Operation and technology management. His key competences and area of responsibilities are the security of PCI environments, ISO 27001 audits, implementing information security procedures and GDPR consulting.

Digital Ability Report 2018/2019 : your free guide to digitization

Is your company fit for the future? What do you need to look out for to accelerate digitization and drive innovation? The Digital Ability Report 2018 by Basefarm provides well-founded answers and valuable insights.

This summer, we did a survey to find out the current state of digital maturity of companies and the criteria that have to be met in order to be and remain sustainable.

The report has arrived!

We have received answers from over 200 European IT decision-makers from various industries and evaluated how SMEs and large companies are positioned in the areas that determine digital competence and decide on digital success:

  • big data (data maturity)
  • cloud computing (Acceptance)
  • information security
  • innovation management

Free download!

The Digital Ability Report 2018 gives you insights and tips on how to accelerate innovation, improve digital skills and create success for your business and your customers.

Download the report!

This might interest you too:

How does digital transformation actually work?

Cloud Guide 

Data Thinking: A guide to success in the digital age

Data Thinking: A Guide to Success in the Digital Age

How do we keep up with the pace of digitalization and take control over our own digital development? And how do we learn new skills and routines that lead to successful digitalization? It all starts with a modern way of thinking and acting. At Basefarm we call it Data Thinking.

How does digital transformation actually work?

To master digital transformation in your business and put data-driven business models into practice, a digital mindset and comprehensive empowerment originating with corporate management is required.


By Trond Bjerkvold.

5 IT Trends that will shape the next 5 years (Part 5): Enterprise AI

For a long time the topic of artificial intelligence (AI) has been moving minds as it inspires fantasies and stokes fears. The step from machine intelligence to notably AI has caused the first entertaining and practical applications. This year, AI is starting to make an impact in entire companies, representing another significant leap: from individual to company-wide use.

5 IT Trends that will shape the next 5 years (Part 2): Data Ethics

The targeted, quick use of data in large volumes from various sources – Big Data – is becoming ever more commonplace within companies. As is the protection and security of this data, of course. But a crucial component has to be added, which addresses the responsibility of individuals and companies when dealing with data: data ethics.

5 IT Trends that will shape the next 5 years (Part 1): Data Thinking

Big Data and Cloud are central to pretty much all the technology topics of our time. From Industrial Internet and the Internet of Things to machine learning and deep learning to artificial and business intelligence – and beyond. Seems clear so far, right? To date, however, there have been few answers to the question of how everything will proceed. Answers are now due. It’s time for piecing together the bigger picture, which we will be doing in a small blog post series. Let’s start with Data Thinking.

Demystifying AI @ AAIC – *um makes Artificial Intelligence comprehensible

The first Applied Artificial Intelligence Conference (AAIC) took place in Vienna at the end of May. Solution developers, prospects, and users from different industries came together to exchange views on the application of Artificial Intelligence (AI). Unbelievable Machine was present as partner and exhibitor. The *um Data Scientists Ingo Nader and Clemens Zauchner explain our contribution to the understanding and applicability of the technology.

The four greatest challenges for IT leaders

Against the backdrop of new technologies and the ever-more demanding requirements of customers and/or employees, IT leaders in companies are constantly faced with new challenges.