GDPR: Achieving Compliance, Earning Trust - InformationWeek

Sooji Seo, Global Privacy Program Director, Dell

GDPR: Achieving Compliance, Earning Trust

Following the privacy rules set out in the EU's GDPR isn't just about compliance; it shows customers and others that they can trust your company.

As the May 25, 2018, deadline approaches for complying with the European Union’s General Data Protection Regulation (GDPR), much of the focus has been on the weight of the regulatory burden it imposes and the size of the penalties it exacts for failing to bear that weight. But that’s a somewhat narrow view; look beyond it, and you can see that GDPR compliance may not be such a heavy lift after all, and also that the reward for achieving it is far greater than many may have imagined.

For organizations that begin their approach to GDPR with a well-established privacy program already in effect, compliance may be more a matter of layering GDPR onto the private-data protections presently in place than one of building a complete program from the ground up. We’ve been engaged in just such an effort at Dell Technologies, of which RSA is one of seven constituent companies. While we’re doing this with the immediate goal of GDPR compliance, of course, we also recognize that there’s ultimately an even larger payoff.

Organizations that meet the requirements of GDPR demonstrate to regulators and auditors that they’re compliant, yes. But they also demonstrate, and to a much larger audience, that they’re to be trusted. For customers, prospects, employees, and others who do business with these organizations, compliance with GDPR says, “You can absolutely trust us to protect your personal data.” An organization that is compliant assures those with whom it does business that it has the privacy policy, controls, and procedures in place to keep personal data safe, whether from a breach perpetrated via cyberattack or from inadvertently being exposed through a third party like an employee benefits administrator or a contracted services provider. The organization provides this assurance by virtue of having met the stringent requirements of GDPR.

It’s impossible to overstate the importance of this trust. If you’re looking to do business with a company, you want an assurance that they’re trustworthy. Do they take GDPR compliance seriously? How far along are they in their GDPR compliance journey? Can you be confident in their ability to protect your personal data, not to mention the personal data of your customers, employees, and others who entrust you with their data?

This isn’t just about the trust you need to have in companies with whom you’re doing business; it’s about the trust others need to have in you. To that end, you must be prepared to demonstrate that your organization is deserving of trust, that it’s far enough along the GDPR compliance journey to merit the highest level of trust. As you work toward that, you’ll want to:

  • Identify areas of greatest risk and thoughtfully plan how to address them. Know what personal data you have access to, where you’re collecting it and how it flows in and out of the organization.
  • Determine whether the controls, processes, and governance systems you have in place are robust enough for compliance with GDPR.
  • Think about how you’re going to integrate tools for compliance with the governance systems and other technologies you already rely on.

Put a priority on areas that will be low-hanging fruit for regulators: How well you demonstrate through recordkeeping that you’re driving accountability for compliance; whether your organization meets the regulation’s notice and consent obligations; and what you’re doing to support data subjects’ rights to have their data deleted, rectified or relocated in a timely manner.

Achieving compliance is the first order of business between now and May 25 for any organization that’s governed by GDPR. Earning trust is the larger, and ultimately perhaps more important, consequence of the successful effort to comply.

Sooji Seo joined Dell in 2007 as legal counsel for Dell’s Australia and New Zealand business. During her tenure at Dell, Sooji has held various leadership roles in privacy, regulatory compliance and strategic legal advisory support. Sooji currently serves as Dell’s Global Privacy Program Director, a role that provides a broad range of leadership involving direct support and execution for the design, development, coordination, implementation and ongoing management of Dell’s global privacy program across Dell’s global enterprise. This position leads a global team of certified privacy compliance professionals who are responsible for building, implementing and managing a best-in-class and standardized global privacy program in a highly regulated global environment.

Prior to joining Dell, Sooji was general counsel for Hunter Douglas Limited and Chubb Australasia. Sooji has over 20 years of legal advisory, compliance risk management and risk governance, regulatory enforcement and commercial litigation experience. Sooji received her Bachelor of Laws (Honors) from the University of Technology, Sydney and a Bachelor of Computing Science and Mathematics from the University of New South Wales.
