{"id":4316,"date":"2018-05-17T14:38:01","date_gmt":"2018-05-17T18:38:01","guid":{"rendered":"https:\/\/www.sage.com\/en-us\/blog\/?p=4316"},"modified":"2026-02-16T06:05:45","modified_gmt":"2026-02-16T11:05:45","slug":"how-businesses-can-use-the-gdpr-to-win-and-regain-trust","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-us\/blog\/how-businesses-can-use-the-gdpr-to-win-and-regain-trust\/","title":{"rendered":"How your business can use the GDPR to win and regain trust"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\tStrategy, Legal & Operations<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t
\n\t\t\t\t\t

\n\t\t\t\t\t\tHow your business can use the GDPR to win and regain trust\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t

\n\t\t
\n\t\t\t
\n\t
\n\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t
\n\t\t\t\n\t\t\t\t\"Asavin\"\t\t\t\tAsavin Wattanajantra<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n
\n\n

When the General Data Protection Regulation<\/a> (GDPR) comes into effect on May 25th, 2018, it will give you an opportunity to win and\/or regain trust from your customers when it comes to personal data and privacy. The latter was something very important to the legendary founder of Apple.<\/p>\n

Back in 2010, at the All Things Digital: D8 Conference, Steve Jobs stated that the manufacturer of the iPhone had a very different view of privacy<\/a> than other companies in Silicon Valley.<\/p>\n

He said: \u201cWe take privacy extremely seriously. As an example, we worry a lot about location in phones. We worry that [for example] a 14-year-old is going to get stalked, or something terrible will happen, because of our phone.<\/p>\n

<\/video><\/div><\/div><\/p>\n

\u201cBefore any app can get location data, we don\u2019t make it the rule that they can get set up a panel and ask for permission, because they might not follow that rule. They must call our location services, and we put up the panel saying that this app wants to use your location data. We ask the user where it\u2019s OK with them, every time they want to use it.<\/p>\n

\u201cWe do a lot of things like that to make sure people understand what these apps are doing. It\u2019s one of the reasons we have the curated apps store \u2013 we have a rejected a lot of apps that want to take a lot of your personal data and suck it up into the cloud.<\/p>\n

\n

I\u2019m an optimist and believe people are smart \u2013 some people want to share more data than other people do. But ask them!\u00a0\u2013<\/strong> Steve Jobs<\/p>\n<\/blockquote>\n

\u201cA lot of people in Silicon Valley think we\u2019re really old-fashioned about this. Maybe we are, but we worry about this. We\u2019re moving more into the cloud, but privacy means that users should know what they\u2019re signing up for \u2013 in plain English, and repeatedly.<\/p>\n

\u201cI\u2019m an optimist and believe people are smart \u2013 some people want to share more data than other people do. But ask them! Every time. Make them tell you to stop asking if they get tired of you asking them. Let them know precisely what you\u2019re going to do with their data.\u201d<\/p>\n

Regaining control of personal data<\/strong><\/h2>\n

This view of privacy is central to why the General Data Protection Regulation<\/a> (GDPR) was proposed in 2012 and will come into place in May 2018. At the core of the new set of rules<\/a> is the move to give citizens back control of their personal data and to simplify the complex regulatory environment for businesses.<\/p>\n

It\u2019s about trust \u2013 the theory is that trust can be won with users using digital services, by giving them more information and control over how their data is used.<\/p>\n

This is crucial for businesses that process sensitive data on a large scale. GDPR<\/a> is an opportunity for organizations of all kinds to have a \u201cseal of quality\u201d for how they handle all personal data.<\/p>\n\n

The size of GDPR fines will drive businesses to change<\/strong><\/h2>\n

Orlagh Kelly is the barrister and chief executive of Briefed, a GDPR compliance<\/a> and training specialist. She believes that from a very basic infrastructure and data handling perspective, there\u2019s not much difference between the Data Protection Act 1998 and the legislation and requirements outlined in GDPR.<\/p>\n

She says: \u201cThe eight data protection principles that existed in the old legislation all appear in the new legislation.\u201d<\/p>\n

However, the fines for non-compliance are much larger. There are two layers of administrative fines that can be levied \u2013 up to \u20ac10 million, or 2% annual global turnover \u2013 whichever is higher, or \u20ac20 million, or 4% annual global turnover \u2013 again, whichever is higher.<\/p>\n

Orlagh says: \u201cThe real difference with how GDPR impacts businesses in a way that the Data Protection Act didn’t is the size of the fines.<\/p>\n

\u201cAny business that was a data processor wasn\u2019t under threat of being investigated or sanctioned. Those businesses tend to have had done nothing in terms of data protection compliance because it was never a big risk for them.<\/p>\n

\u201cWith GDPR, however, they can now be fined and sanctioned as much as any data controller, so that’s a big change.\u201d<\/p>\n

The threat of these heavy fines means there is much more a business case for organizations to change their digital systems and the way they process data.<\/p>\n

\u201cThe Information Commissioner\u2019s Office (ICO) can come in and audit a business,\u201d Orlagh continues. The attitude previously of \u2018let’s cross our fingers and hope we don’t have a breach\u2019 has changed because the ICO can walk in, much like HMRC can walk in with your tax affairs, and ask to see how you are complying.<\/p>\n

\u201cThe concept of accountability flows through GDPR. It’s no longer enough to comply. You need to at least be seen to be complying. GDPR sets what businesses need to do to meet that.<\/p>\n

\u201cThese are largely paperwork-based items in relation to having correct policies, proper data sharing agreements or contracts with third parties and having a training register identifying when all of their staff have been trained, which needs to be audit-ready at all times.\u201d<\/p>\n

Below\u00a0are three ways GDPR can benefit your business.<\/p>\n

1) Drive your digital business transformation with GDPR<\/strong><\/h2>\n

For many years, organizations have routinely collected user data with the consumer left in ignorance about how businesses were using their personal information. However, consumers are now savvier than ever on who stores information about them and why.<\/p>\n

GDPR<\/a> isn\u2019t simply a set of new rules to adhere to but an opportunity for digital business transformation<\/a> where organizations can become more customer-centric. The key principles of accountability and transparency require companies to find a right balance between the customer right to privacy and their legitimate business interests.<\/p>\n

This means forward-thinking C-suite executives<\/a> should not be thinking about the GDPR as a mere compliance challenge but instead as a positive opportunity for digital transformation.<\/p>\n

It\u2019s important that businesses get this right as this is critical to building trust as we move further into the fourth industrial revolution powered by data, new technology, artificial intelligence and machine learning.<\/p>\n

This means there are huge challenges and opportunities. Like Steve Jobs suggested, those that succeed will embed respect for privacy as a core brand value rather than treating it as merely as a compliance issue.<\/p>\n

Dave Rogers, business development manager at King of Servers<\/a>, says: \u201cWhereas digital business transformation is the transformation of business and organizational activities, processes, competencies, and models to leverage the changes and opportunities of digital technologies, GDPR is a profound transformation to protect personal data.<\/p>\n

\u201cIt\u2019s clear that both mirror each other in terms of approach and as such it\u2019s very clear to see how GDPR is a catalyst for digital business transformation. GDPR presents organizations with a real opportunity to build trust with their clients<\/mark> as it forces businesses to shed light on the data they store and how they use this valuable data commodity.\u201d<\/p>\n

Where the objective of the GDPR is to support digital process automation as a wrapper around legacy siloed data systems, Dave believes technology can power much of the change needed \u2013 however, he is clear that technology alone is not the answer.<\/p>\n

He adds: \u201cOrganizations must re-engineer their processes and activities, and develop their core competencies alongside the technology changes to fully comply with the GDPR requirements.<\/p>\n

\u201cIn doing so, they have the opportunity to remove old outdated systems and practices and embrace new efficient methods. In other words, the C-suite<\/a> must be responsible for leveraging digital transformation<\/a> that is fuelled by the hot potato that is GDPR.\u201d<\/p>\n

<\/video><\/div><\/div><\/p>\n

2) Use GDPR to move towards cloud computing<\/strong><\/h2>\n

Tim Hall is chief technology officer at Blue Logic<\/a> and has a decade of experience in the IT industry. He believes GDPR is a great opportunity to bring an organization into the cloud computing age and opens avenues for progressive technologies.<\/p>\n

\u201cAmbition and a passion to embrace the future is necessary to make your business\u2019s response to GDPR a successful one<\/mark>,\u201d he says. \u201cIf you can look past the short-term pain of GDPR compliance then you will reap the benefits of it in the long term.<\/p>\n

\u201cBusinesses should approach GDPR as a real opportunity to build new processes and systems that can benefit the customer and the business.<\/p>\n

\u201cThose businesses that grasp this opportunity with both hands will set themselves up to not just be compliant with the laws but be ready to continue to innovate as digital business transformation continues to reshape how businesses engage and interact with customers.\u201d<\/p>\n

3) Use GDPR to transform your approach to personal data and regain trust<\/strong><\/h2>\n

Dean McGlone, sales director at V1, says GDPR readiness requires organizations to reliably streamline all personal data held across disparate systems, network folders and potentially even paper-based storage.<\/p>\n

Although businesses need to be vigilant, he doesn\u2019t think it\u2019s all gloom and doom. He says: \u201cIt also represents a major opportunity for businesses to transform their approach to privacy, harness the value of data, and ensure their organization is fit for the digital economy.<\/p>\n

\u201cThe GDPR is a positive catalyst<\/a> [for businesses] to think carefully about their data processes, ensuring they treat personal data correctly and plug any gaps in compliance.<\/p>\n

\u201cAs a result, they will also be able to build more trusted relationships with their employees as well as identify new opportunities, such as making use of unused skills among existing staff, or pinpointing training requirements.\u201d<\/p>\n

The result is a more engaged and digitally savvy workforce \u2013 essential ingredients to any successful digital business transformation strategy.<\/p>\n<\/div>\n

\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t

Subscribe to our Sage Advice Newsletter<\/h2>\n\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

Get our latest business advice delivered directly to your inbox.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tSubscribe<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\"Working\t\t\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

When the General Data Protection Regulation (GDPR) comes into effect on May 25th, 2018, it will give you an opportunity to win and\/or regain trust from your customers when it comes to personal data and privacy. The latter was something very important to the legendary founder of Apple. Back in 2010, at the All Things […]<\/p>\n","protected":false},"author":356,"featured_media":4319,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"footnotes":""},"categories":[44],"tags":[116],"business_type":[41],"lilypad":[],"context":[],"industry":[],"persona":[100,101],"imagine_tag":[234],"coauthors":[586],"class_list":["post-4316","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-strategy-legal-operations","tag-compliance","business_type-growing-business"],"sage_meta":{"region":"en-us","author_name":"Asavin Wattanajantra","featured_image":"https:\/\/www.sage.com\/en-us\/blog\/wp-content\/uploads\/sites\/2\/2018\/05\/employeeretention.jpg","imagine_tags":{"234":"Enterprise Management"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice US","distributor_original_site_url":"https:\/\/www.sage.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/4316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/users\/356"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/comments?post=4316"}],"version-history":[{"count":1,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/4316\/revisions"}],"predecessor-version":[{"id":35465,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/posts\/4316\/revisions\/35465"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media\/4319"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/media?parent=4316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/categories?post=4316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/tags?post=4316"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/business_type?post=4316"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/lilypad?post=4316"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/context?post=4316"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/industry?post=4316"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/persona?post=4316"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/imagine_tag?post=4316"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-us\/blog\/api\/wp\/v2\/coauthors?post=4316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}