How your business can financially gain from your GDPR compliance

Wednesday 19th January 2022

The LCR4 START team were joined by the GDPR Defender team who discussed what GDPR is, the importance of compliance, how to implement it within a digital strategy and how businesses can use this toward their competitive advantage…

Jonathon Clark, GDPR Defender

Introduction

Although GDPR is government legislation, it can become an asset to your business, particularly when the time comes to sell or when people want to invest in your company. GDPR is popularly perceived as applying only to large organisations; however, we would advise that it applies to all businesses, regardless of size.

 

Why should you be bothered?

Some consider personal data to be the new oil; it needs to be protected, otherwise you and your business can be exposed to some big fines.

With many grey areas, it can be difficult to know whether you really are fully compliant; however, the good news is that there are several things you can do to make sure you are as compliant as possible.

The majority of small businesses wanting to ensure they remain as compliant as possible go to specialist websites, for example for privacy notices. On occasion, this may be 50-70% acceptable, but if someone were to look at your GDPR compliance in detail, it could open you up to non-compliance issues.

 

Being more compliant

There is no silver bullet, no nano-technology or AI that will do all of it for you. It is generally easier to fix these things at the foundation level, and then build up to maintain quality. As a Managing Director or Founder, you will find this is only one very important factor, but it is an essential part of every business, with the ability to create and destroy value.

“We try to be a critical friend and offer an olive branch to help take away the pain of this for you.”

Thinking of selling or raising funds?

When the updated GDPR laws came into effect in 2018, there were large concerns over what was going to happen. The day after they came in, the subject disappeared from the headlines (apart from the odd story about people being fined and about maintaining GDPR post-Brexit).

However, it is one of the due diligence items that banks, investors and similar will now look at, and therefore something your business should consider, as it can affect the type and quality of deal you can get from a lender.

 

What does GDPR Defender do?

We target SMEs, although we are also starting to support more and more start-up companies as well. We provide:

  • A Cost solution
  • Initial Audit
  • Broker to specialist services
  • Maintenance Plan

 

Every business we have come across has not had a compliant approach to GDPR, and so we made it our mission to help MDs and founders get over this hurdle to remove the risk of fines and being open to further damage.

We offer a detailed GDPR audit (practical, technical, managerial, policy, tasks that we go through with you) whereby we produce a report which will show where you stand, where you fall foul and where you are open to GDPR non-compliance.

We then provide solutions to this for your business and can help source how to rectify this. We also show you how to stay compliant over time, to keep your business in that compliant state.

 

GDPR Summary

  • Don’t look at this just as a tick box exercise
  • Don’t assume that the size or sector of your business means GDPR does not apply to you
  • Do not take shortcuts with GDPR; ask somebody with a good reputation in the industry

 

Think of this as a business process in the same way you would think of marketing, processes, etc. There is a legal provision there to fund this work to help you become more compliant.

………………………………..………………………………..………………………………..………………………………..……………………………

Andrew Borland, Virtual Engineering Centre

Digital Strategy: Delivering Innovation in SMEs and Supply Chains

For over 10 years, the Virtual Engineering Centre (VEC) has been helping businesses to adopt digital technologies through digital transformation to remain competitive and innovative.

 

The VEC is currently leading three fully-funded support programmes:

 

Digital Strategy

When starting your strategy, you have to ask yourself:

  • Are current and emerging digital technologies relevant to your business?
  • Where do you want the business to be?
  • What are the digital implications to the business?
  • What technologies do you need to adopt and what investment do you need?
  • How are technologies likely to change your sector?
  • What are your competitors doing?

 

Your company will then need to create and set a digital roadmap for successful adoption, ensuring smooth adoption and management of these tools and technologies to maximise the opportunities and benefits they offer.

 

Adopting Technology

  • 50% of SMEs have adopted 2-4 new technologies
  • You do not need to be a ‘tech business’ to take advantage of digital technology
  • Digital technology has its roots across all sides of the business and functionalities

 

The Process is Nothing New: American Express Case Study

American Express was initially trusted for moving items across the railway network. Then after telegram technology and electricity lines came in, they saw an opportunity for moving money. This then progressed into travellers’ cheques, and then into credit cards.

The process of innovation is nothing new. It is just an example of how a company can move from one form to another, adopting new technologies along the way to open new revenue streams and ensure the success of the business.

 

Where in your organisation could you prioritise to achieve digital adoption?

  • Externally focused: Customers and Strategy
  • Internally focused: Technology and Organisation
  • New opportunities: New Revenue, enabling change and reducing error, efficiency and productivity

Technology is not about putting people out of jobs; the value is about improving your margins.

The biggest threat to your business is not being competitive!

Cybersecurity

  • Cybercrime estimated to cost $10.5 Trillion by 2025
  • 55% of SMEs reported being attacked in 2019 with 33% of businesses being targeted on a weekly basis
  • Typical hacker incursions go undetected for 205 days. Businesses need to be mindful and take ownership of privacy elements
  • 69% of businesses are told by others that they have been compromised

 

Threats

  • Malware (Malicious software, worms, viruses, spyware)
  • Ransomware (Locks down files, data or systems. Threatens to erase data, demanding money to get your files back – these are focused attacks)
  • Phishing (social engineering, but you have a duty of care to look after your customers)
  • Insider Threats (current or former employees, access systems or networks)
  • DDoS attacks (crash servers/network, multiple coordinated systems, business interruption)
  • Industrial Espionage (Infiltrate system, steal sensitive data and IP)
  • Man-in-the-middle attacks (eavesdropping, intercepts data, unsecured Wi-Fi)

 

Disaster Recovery and Resilience

  • How will you continue your business operations in a disaster?
  • What would be a disaster for you?
  • What would the consequence be?
  • What can you control?
  • What is your plan?

Business Continuity Plan

  • Threat and Risk Assessment
  • Impact Analysis
  • Mitigation / Fail Redundancy
  • Impact Analysis
  • Response and Recovery Plan
  • Test
  • Maintain
  • Review

Checklist

  • Security
  • Recovery
  • Resilience
  • Rehearsal
  • Review
  • Culture

 

For more information, visit:

GDPR Defender or contact Jonathon Clark on: jonny@gdprdefender.com

LCR4 START or contact Andrew Borland on: awb@liverpool.ac.uk

 

For the full event recording, please click here.