2016 brought us approval. 

2017 brought us implementation. 

2018 brings us enforcement and a skateboarding analogy. 

Are you ready? Or, are you risking it?

There’s a lot of talk about the potential impact of GDPR, the number of SARs (Subject Access Requests) a company will receive, what the organizational risk is and repercussions of the fines and penalties. What it really comes down to is the risk tolerance of you, your organization and your customers. 

In my neighborhood, there’s a skate park I walk by nearly every day. As I watch the skaters dive into the bowl on their skateboards – which appear to be all shapes and sizes, I noticed something. The kids taking lessons (I live in Seattle… Yes, kids take skateboarding lessons) are wearing helmets, knee pads, elbow pads, long pants and shirts. When you look at the teen crowd, the helmets are gone, the dares and challenges are shouted out to do tricks and try something risky to be the coolest kid at the park. And, yes, there are adult skaters at the park too. Some are in helmets and pads and some are skating away, calmly, methodically and predictably with no protection at all. 

It dawned on me… 

Is GDPR just like everything else in our lives – a risk assessment based on our confidence and consideration of bad outcomes? It may just be. 

If you want to make sure everything is covered prior to any “bad” outcome that could possibly happen with the upcoming compliance regulation, you want to be geared up head to toe with every single protection in place. Analyst firms such as Gartner are taking the same position regarding GDPR – as are publications such as Information Management. 

"The GDPR will affect not only EU-based organizations, but many data controllers and processors outside the EU as well," said Bart Willemsen, research director at Gartner. "Threats of hefty fines, as well as the increasingly empowered position of individual data subjects tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data.” – Gartner

“On May 25, 2018, the General Data Protection Regulation will go into effect. To process personal [customer] data under GDPR, businesses will need to document their reasoning and show a legal basis as to why they require personal data. Penalties for failing to meet GDPR requirements could lead to fines of up to €20 million or 4 percent of the company’s global annual turnover for the previous year, whichever is greater. This level of financial penalty could have a serious impact on a company’s future, so you will see businesses scrambling to prepare.” – Information Management

If you haven’t already done so, it’s time you gear up now and protect against any potential risk GDPR could introduce to your organization. And, at a price tag of up to €20 million or 4% of annual revenue – no one would blame you. 

In fact, Gartner recommends organizations act now to ensure they are in compliance when the regulation goes into effect.” – Gartner

If your organization has landed on more of a wait and see approach, you may just be delaying the inevitable. Due to the complexity of managing all sources of personal data, you may still be in the risk analysis phase of understanding just what you would have to do to meet the requirements. You may be that adult skater in the part, going about your business day-to-day methodically and predictably. However, if you had a crystal ball or relied on Forrester’s predictions in their “Predications 2018: A Year of Reckoning” report, you would know that the report projects that 50% of companies not complying will do so willingly after weighing the cost and risk benefits of meeting GDPR standards. So, you may just end up wearing that protective gear – because who wants to explain their poor risk assessment after bad PR, steep fines and penalties have all occurred? 

However, maybe all of us still have that inner teenager – yearning to take a risk and try new tricks (even when that risk involves traumatic brain injury). I’m not saying non-compliance of GDPR will lead to traumatic brain injury, but it could leave a significant mark. 

The reality is, according to Forrester, “In 2018, data governance 2.0 will shine as it moves out of IT’s shadow to encompass the entire enterprise. CFOs, CMOs and all data stakeholders will be involved in data governance, not just traditional data stewards.” So, no matter what your organization’s risk tolerance is relative to GDPR’s recent go-live date of May 25, 2018… the data governance, personal data protection and data privacy conversation is already taking place. 

It just might make sense to invest in some gear to protect not only yourself, but your entire organization. 

Sources: 

Gartner: https://www.gartner.com/newsroom/id/3701117

Forrester: https://go.forrester.com/2018-predictions/

Information Management: https://www.information-management.com/opinion/predictions-2018-general-data-protection-regulation-boosts-interest-in-data-governance

CDC: https://www.cdc.gov/headsup/pdfs/helmets/headsup_helmetfactsheet_skateboard_508.pdf 

GDPR: https://www.eugdpr.org/

Elizabeth Dailing

Elizabeth Dailing

Senior Director of Portfolio Marketing

Elizabeth Dailing is Senior Director of Portfolio Marketing for Quadient. She is focused on positioning and expanding Quadient’s solutions in the Customer Communications Management (CCM), Digital Experiences and Data markets - all aimed at enabling an extraordinary Customer Experience. Her background includes strategic marketing, enterprise software sales, and marketing management in multiple data domains: security, movement, integration, and data quality. She earned her EDA certification from Xplor, her master’s degree focused on consumer research from the University of Illinois at Urbana-Champaign and MBA from ESLSCA, Paris, France.

Related Resources

Weaver Vale Housing Trust case study
Case Study

Quadient Helps Weaver Vale Housing Trust Manage Mail Better

Weaver Vale Housing Trust, a social housing provider, upgraded to Quadient's DS-85 folder inserter to meet inc...

Thames Valley Police case study
Case Study

Quadient Solution is just the Ticket for Thames Valley Police

Thames Valley Police, one of the largest non-metropolitan police forces in the UK, is using Quadient print management software to automate the production of their fixed penalty notices.
Tallaght Hospital case study
Case Study

Tallaght Hospital Realizes Huge Savings with Help of Quadient OMS

Tallaght Hospital installed into their new centralized mail room a Quadient DS-75 Folding & Inserting System that offers the perfect blend of productivity, versatility and convenience. 
Regent case study
Case Study

Quadient Solution is a Gift for Greetings Card Publisher, The Regent Group

The Regent Group selected Quadient's PrintMachine™ software and a DS-70 folder inserter machine for a speedy, cost effective mailroom solution.
Experience

Experience

A rich history of world-class leadership

Backed by the experts

Backed by the experts

Gartner, Forrester, and Aspire

Future-proof technology

Future-proof technology

8 billion personalized experiences annually

Proven results

Proven results

96% customer satisfaction rate