In a new white paper, BDO calls on enterprises to replace box ticking with P&L thinking when it comes to GDPR. BDO demonstrates how mature information security and data privacy programmes can enhance the professionalism of a company’s employees and reinforce an organisation’s public reputation, and recalls that ‘bad’ data is estimated to cause between 15% and 25% loss of income for most companies.
Organisations still do not have the processes to assess cyber risk and its business impact. While 79% of public company boards are more involved with cybersecurity now than they were 12 months ago, still 23% of corporate directors do not even know if they have a cyber breach/incident response plan in place. Only half (52%) of organisations are set up for regular cyber security risk assessments and not more than 40% of organisations are able to assess vendor risk.
Article 32 – ‘security requirements’ of GDPR requires organisations to be more structured and formal in their protection of personal information. The investment and resource allocation that this demands will see organisations end up with streamlined performance and reduced data management costs – essentially a lean data revolution, meaning:
1/ GDPR requires ‘data minimisation’ – only collecting, using and retaining what is necessary for processing, and discarding extraneous and expired information.
2/ Controlling data costs – This is in stark contrast with the ‘gather it all and sort it out later’ / ‘keep everything indefinitely – just in case – because storage is cheap’ philosophies that many businesses have accidentally adopted.
3/ Dormant data – Perhaps more importantly, with the GDPR transformation expected to purge the ‘haystack’ of expired, extraneous information, staff will find the ‘needle’ they need faster and be less apt to use outdated information to support decisions – ‘bad’ data leading to an astonishing 15% to 25% loss of income for most companies.
Companies preparing for GDPR should think beyond penalty avoidance. GDPR is a springboard, a process in which companies transform and build a stronger foundation for both execution and strategy. Enterprises should expect to lower the cost of infrastructure and operations and to unlock information to support business decisions. A clear picture of data flows provides insight for improvement: safer, more efficient and less costly operations. We will see that GDPR preparations lay the foundation for an organisation’s digital future, identifying new growth opportunities, through not big data but lean data.