Jon Thordarson / 10. May 2016

The Benefits of the Data Protection Regulation for IT Professionals

The new EU Data Protection Regulation being discussed at the moment introduces many new requirements which are most commonly perceived as a burden for developers and businesses in a more general sense. For example, the requirements concerning Privacy by Design and Privacy by Default place great emphasis on respecting data protection principles during the entire process of the development of a new product or service. As you can imagine, this can drive up the cost of a new project significantly. Furthermore, it often complicates business processes and makes projects more labour intensive. While we do recognise that these consequences may be true, increased regulation is not all bad. In this post we discuss a number of advantages of the Data Protection Regulation for the technology industry and IT professionals specifically.

1. Streamlining processes for personal and business development

As a professional you are always looking for new ways to make your work better and more efficient. This can be achieved by streamlining processes and using the latest methods and technologies to achieve your goals. Information Technology  is no different. However, new ways of doing things often require a certain investment of time and financial resources that necessitates support from senior management.

Managers and Directors are not always supportive when IT professionals want to make such changes, even if these improvements will benefit the company in the long run. For example, streamlined processes can benefit the business in terms of time spent on projects and the ease in which projects can be completed. The main reason for this lack of support is that improved and streamlined processes do not directly lead to increased revenue. It is not surprising that many IT professionals experience frustration when they are not supported by their superiors. When the new EU Data Protection Regulation comes into force, there will be a new and powerful argument available to them which may see their views more supported by management.

2. Compliance with Data Protection Law as a Competitive Advantage

Over the past few years the ways in which companies do business has changed quite dramatically. Mobile devices, social media and the importance of having a web presence played an important part in this. The latest technologies, business methods and the right people are readily available to most businesses with the arrival of the information age. Information is shared with great ease, technology has has become commoditised and the right people can be found with a simple Google search. Consumers are becoming increasingly powerful with the proliferation of social media and the market has truly become global. Social media makes it easy for people to research both positive and negative experiences customers have had with a certain business. For example, if a customer in Australia publishes a negative review of a service on Twitter, customers in the UK may decide against using the service based on that review.

All of these factors play an important role in the ways businesses approach competition nowadays. The more conventional ways of competing are proving less effective. Of course factors such as pricing and quality remain important, but businesses are forced to look for new ways to outsmart the competition. The cause of this is the fact that the technological and information needs of businesses are so easily fulfilled and a “race to the bottom” in terms of pricing is not always the best approach. Improving customer experience has become incredibly important, mainly due to the positive and negative impact social media can have on revenue. This is where IT professionals can contribute tremendous value to the company. We are living in the Era of Data and customers are very concerned about what happens with the information they give to companies. This information is only shared voluntarily to a certain degree. Most services require certain information before you are able to use them. For example, you may have to provide your email address and name before you can sign in. Without disclosing this information you are excluded from being able to use the services, yet you may have come to rely on them. It is important to make your customers feel secure if you require information from them before you provide access to your service. The fact that customers are becoming increasingly worried about disclosing personal data creates a new opportunity for businesses. If you can establish a sense of security and trust with your customers by giving them a guarantee that their information is safe, it can give you a competitive edge.

3. How Privacy by Design can lead to Increased Revenue

While there are many requirements in the Regulation that are important for IT professionals, the Privacy by Design requirement is an excellent example of how compliance can increase revenue. While the introduction of this new requirement may initially prove difficult for the IT department, it creates an opportunity for developers to make a difference individually as well as for the company as a whole. Privacy by Design means that each new service or business process that makes use of personal data must take the protection of personal information into account during its development. Also, businesses need to be able to demonstrate that they have a certain level of security in place and that the protection of personal data is monitored. For IT professionals it means that the protection of data must be considered during the whole life cycle of the software or process.

From a business perspective it logically follows that being able to create a product or service that a customers feels happy and safe using can help the overall success of a business. It will improve the reputation of a business when information regarding respect for privacy and data integrity is shared on social media and in the press. The fact that an organisation meets the requirements of the new Regulation can be communicated to the customer by acquiring certification from the data protection authorities. Having this certification will lead to customers choosing one business over another. It is therefore likely that as an IT professional, your suggestions to streamline business processes will be positively received by senior management as it will attract more people to the business. More customers means increased revenue.

4. Compliance through IT and Data Protection Certification

The Regulation introduces the possibility of getting a data protection certification from the Data Protection Authorities when a business can demonstrate that the requirements of the Regulation are met. Certification means that the business receives a seal of approval that can be used to communicate to customers that their personal information is safe with that company. It shows that the business has spent time and money on protecting the customer. As an IT professional the possibility of getting certified can be used to convince management and the board of directors that time and money should be spent on streamlining and developing IT processes within the company. Certification has real value which can lead to greater business success, but it can not be obtained if the IT department cannot do its job in the best possible manner. To summarise, the Data Protection Regulation will create some complications and a heavier workload for technologists. However, both technologists and business professionals can use the Regulation to their advantage by ensuring compliance which may lead to greater business success and an advantage over the competition.