GDPR replaces the old Data Protection Directive; it is time to act.

For those who have not yet started preparing for the new General Data Protection Regulation, we recommend setting an early alarm. The argument that it is not worth spending time and resources preparing for something whose final shape is unknown no longer holds: the countdown has begun. It is true that no one knows exactly what it will look like in practice. The regulation itself runs to roughly 100 pages, and with references and supporting material the reading list grows to something like 6,000 pages. But we know enough to conclude that it will have consequences for many functions, people, systems and processes in every organization. Many have ignored the old Data Protection Directive; the GDPR forces everyone to act.

Challenges but also opportunities

The GDPR is the biggest change in the handling of personal data in 20 years, and it is something we all have to deal with. There are many challenges, but for those who act in time there are also opportunities. We believe that tomorrow's winners will be the companies that build a competitive advantage by demonstrating GDPR compliance and transparency. This requires active choices and proactive work to make the necessary adaptations and changes, and, along the way, taking the opportunity to identify inefficiencies and ambiguities in existing processes.

GDPR as scaremongering

We feel that, in some places, the GDPR has been used as a scare tactic, with the maximum fine of 4% of global annual turnover or 20 million euros (whichever is higher) as the main weapon. We do not think the threat of fines is the right way to draw attention to the changes, but it should be noted that the GDPR, like the previous Data Protection Directive, is not toothless, and fines await those who do not comply with the regulation. Anyone can now file a complaint against any organization, and every complaint should result in some kind of investigation. If you are found to be in breach, you will have to pay a fine. It is an administrative fine rather than the outcome of a court case, which means the only options are to pay and then appeal. A company's management can also be held personally liable for breaches, which can mean personal fines, a big difference from the old Data Protection Directive. When fines of 4% of turnover are discussed, the cases in question are most likely gross violations and deliberate disregard of the changes.

Change must be driven cross-functionally

We are convinced that the GDPR is such an extensive change that it must be driven cross-functionally. Individual functions will not be able to solve everything that must be put in place; the issue must be driven from management and broadened to involve every function that has access to customer and personal data.

How can WeSafe help you?

What we can mainly help you with is an analysis of your technical platform, returning an action plan for ensuring that the platform has the basic functionality required to comply with the GDPR. Together we review the current situation and, based on that, propose an action plan with a risk-based prioritization of which activities should be carried out first. We also assist with the execution of the action plan.
In addition to the technical platform, we help you understand what the regulation means, create a deeper understanding across the organization and, together with training for key personnel, establish the right attitude, which will be crucial to success. If we get this right, the demise of the old Data Protection Directive becomes a benefit rather than a burden.


Written by:

Martin Liljenberg

CTO

martin.liljenberg@upheads.se