Deloitte recently conducted a benchmarking survey in EMEA to understand how organizations are preparing for GDPR compliance, including how confident they are in achieving their goals by 25 May 2018.
Only 15% of organizations surveyed expect to be fully compliant by May 2018, with a staggering 62% opting for a risk-based defensible position. The 3 main reasons include:
1. Lack of time in achieving compliance
2. Difficulty fulfilling some requirements
3. Ambiguity of text within GDPR requirements
Taking a defensible position suggests that some organizations may risk a potential fine of up to 4% of global turnover for non-compliance.
Although the survey focuses on the EMEA region, let’s not forget that compliance with the GDPR has a global effect. Companies that interact with EU clients and employees must adhere to the regulation’s policies and standards. Non-EU entities that process personal data belonging to individuals from the EU are also required to comply.
For example, one of the requirements under GDPR concerns consent: all consent must be explicit and include an audit trail. Implied or soft consent is no longer accepted. According to the Deloitte survey, this is the requirement that poses the most difficulty for organizations, and rightly so. Having worked within Marketing for 12+ years, I can relate to the logistical challenges that come with this requirement.
However, although this exercise poses some challenges, it can also be a business enabler. I agree with Deloitte’s view that a proactive approach to privacy can bring long-term benefits in terms of customer trust and engagement.
Here’s our approach to the GDPR
As a company that interacts with roughly 40% of the global population annually, Teleperformance has been taking necessary measures to ensure compliance since the GDPR’s announcement in 2016. This ranges from developing security programs that increasingly protect personal information and data of our clients and customers within the EU, to developing GDPR-focused programs that will allow us to comply with the GDPR’s legal requirements, thus carefully adapting to the regulation’s policies and standards.
In addition, Teleperformance has recently received Binding Corporate Rules (BCRs) approval, making it the first company in the industry to attain this critical data protection compliance status in the European Union. Attaining BCRs approved status is a long and rigorous process that ensures a company has a comprehensive and effective framework to safely and legally transfer private EU data out of Europe for applications such as customer sales and service, technical support and back-office processing applications.
This comes as no surprise, given Teleperformance’s reputation for its robust security practices, which was evident when it won the HPE-IAPP Privacy Innovation Awards, which recognize unique programs and services in global privacy and data protection in the private and public sectors.
Teleperformance has always prioritized its clients’ and customers’ security and has worked for years to establish and maintain a culture dedicated to ensuring the protection and integrity of the enormous store of sensitive customer data under its care. The GDPR is just a part of that journey.
We are getting ready for GDPR. Are you?