We examine whether privacy laws are burdensome for business health.
In 2016 the European Union enacted legislation that will have a sweeping effect, not only on EU-based businesses, but on firms selling into the Union from overseas. Even the United Kingdom, with the buzzword “Brexit” on the tip of many a tongue, has confirmed that it too will fall under the spell of the GDPR — the General Data Protection Regulation. But is this area over-regulated, and could it harm profits by distracting businesses from their core activities?
Depending on who you ask, the EU may signify currency convenience, breezy borders and powerful judicial recourse; or wasted produce, de facto federalism and political polarisation. Perhaps most famous among its less-well-agreed-upon laws were those restricting the curvature of fruit and vegetables, notably cucumbers and bananas. So it is that the introduction of EU-mandated legislation often harks back to these inescapably ridiculed statutes, and it’s no less the case with the GDPR, which comes into effect in May 2018 across all 28 member states, including the outgoing UK.
Business, in general, is about finding a product, service, or range thereof, and offering it to meet demand, existing or created, at a price greater than its cost. In so doing, a company reaps profit as its reward, distributing it among owners, shareholders and staff, and reinvesting in its own future. The prospect of putting all that on hold to spend time and money at the behest of a governing body in another country is hardly likely to leave business owners, particularly those of small and medium enterprises, in any way enamoured.
There are three common ways to look at the situation:
The defeatist says, “The law is the law, you haven’t got a choice, and no matter how hard it is, you’ll just have to roll over and do as you’re told.” And if you’re not the defeatist who tells yourself this, you may yet be the defeated when your legal advisor gives you a similar line.
You can get away with it — who has to know? It’s all a bunch of legal mumbo jumbo and if it all goes wrong, you’ve got limited liability. Fake it ’til you make it. Wing it. That is, of course, until you realise you’re the liability, and you’re almost certainly limited.
Bright and breezy, some wonder how others do it. But you know, let’s turn this to our advantage — where there’s a will, there’s a way. But surely “think positive” is a mantra as full of itself as the word ‘mantra’ itself. Or is it?
If your business is profitable, it means you’re doing something right. Innovation is one way to expand, but that doesn’t mean drastic change of what is already working. Never has the old adage, “If it ain’t broke, don’t fix it,” been more true than in such circumstances. Applying this principle to profitability, it simply means getting on with what you’re already doing right. That most likely doesn’t extend to poring over reams of legislation, spending your reserves on by-the-hour legal fees, or taking time off your important work to take training courses on how to do something other than what you should be doing.
We could accept that’s the reality of the situation, lie back and let regulation take hold; we could ignore it and hope it will all go away, and that perhaps the European Commission is just a very bad recurring nightmare we’ll one day wake from; or we could look at how this might just be an opportunity to do something alongside existing successful actions that demonstrates the mature, secure nature of the business, encouraging further sales that outweigh the costs of compliance.
Is it really that simple though? The realist doesn’t need mantras, because he or she deals in facts, not phrases. Compliance demonstrated is not the same as mere compliance, no matter how water-tight that compliance effort may be. Anyone with whom a business comes into contact has the potential to affect its profitability, whether that’s by saying something good, saying nothing, or saying something bad, and whether it’s said to a regulator, a social media audience, or within their own circle.
By protecting data you’re taking steps that are ultimately a declaration of your responsibility as a business, but to remain profitable, this kind of compliance effort should always be done in a way that benefits the company and complements its activities, not in a way that takes key executives away from their duties. Here’s a look at just some of the effects of demonstrating compliance:
- Earning the trust of your market
- Improving relations with stakeholders
- No or minimal regulatory interference
- Avoidance of privacy-related litigation
- Saving time on tasks like subject access requests
All of which is easier said than done. How exactly does one demonstrate compliance when one doesn’t know how to comply in the first place? Take time off to do a course? Hire an expensive member of staff? Pay a lawyer by the hour? Those are all options, but while we may be biased, at Privada we believe it’s best left to an outside company that not only has the right level of knowledge and experience to take the compliance burden off your shoulders, but is also dedicated to you and your profitability, not the appeasement of government regulators at your expense.