Since May 25, 2018, the General Regulations on the Protection of Personal Data have been in force. After almost 2 years, I share with you what Colibri-DPO noted and gives you a quick feedback on the challenges of GDPR compliance, which are sometimes beneficial for a company.
Obviously, the GDPR being mandatory, the main challenge for a company is quite simply to comply in order to respect the law and avoid any fine from the supervisory body of its country. (The CNIL in France, Editor’s note). This fine can go up to 4% of a company’s turnover.
The challenge here is to respect the law and especially not to be penalized monetarily.
In fact, the GDPR is an answer to the question: “Who has the right to know what about whom?” (Sources: CNIL). Getting into compliance therefore proves the importance you place on privacy, and shows that you are working for a more ethical world.
The challenge here is to take care of its CSR (Corporate Social Responsibility).
There is also an emerging commercial issue. The local authorities and the large groups having allocated a significant budget for their GDPR compliance, ask their service providers to be irreproachable on the subject . Indeed, a legal entity is responsible for its processing, but also for the processing carried out by its subcontractors. A subcontractor who does not comply with the GDPR, would therefore generate non-compliance of the legal entity. It is therefore natural to find the obligation to provide proof of GDPR compliance as a prerequisite in calls for tenders and other commercial negotiations. Subcontractors that do not comply are excluded when they are unable to prove their compliance with their prospect.
The point here is to differentiate yourself from the competition.
Unfortunately, still too few companies have become GDPR compliant. It is therefore not inconceivable to boast of being compliant (when you really are …), to build an improving image of your brand and its activity.
The point here is to maintain an image of confidence.
You would have understood it, the General Data Protection Regulation is not just a legal constraint, because it opens up perspectives on ethical, commercial and communicational issues that are beneficial for any structure.
However, since compliance can be time consuming and tedious, there are tools to achieve it. Colibri DPO was created for this purpose and centralizes all the tools necessary for good practices in the profession of Data Protection Officer (DPO).