TMCnet Feature Free eNews Subscription
July 20, 2018

Tips For Getting Your GDPR Compliant Solution Approved


Getting Your GDPR Compliant Solution Approved: Practical Tips

When you’re tasked with keeping your company compliant with privacy laws, knowing the right strategies to keep data secure doesn’t guarantee a smooth implementation. Depending on whose approval you need to implement various aspects of the job, you might find yourself in a battle over time, money, and resources.



Human error is to blame for the majority of data breaches, yet most people who aren’t IT security don’t understand what those errors are. You might have all of those bases covered in your plan, but convincing others to embrace it requires more than facts and a declaration of expertise.

With the recent GDPR requirements in place, there’s no time to waste. Being responsible for compliance means doing everything in your power to get approval for what you need. Here are some tips to help:

1. Understand why people resist change

You’ve probably noticed some people resist change, even when it’s for the best. People don’t like change because they get comfortable with what they know. It’s exhausting to learn a new system and work through the learning curve. New software takes time to learn, and control panels aren’t always intuitive.

In other words, to many, change means frustration and more work during the transition. You can mitigate this perception by being available for questions and support around the clock.

2. Keep it simple

You know more than your audience about your topic. Focus on what’s important and leave the other details behind. Don’t get caught up in the need to assert your expertise through sharing excessive information. Stay focused on your main points and carefully navigate your presentation.

3. Present the worst-case scenario as a realistic possibility

Nobody expects their data to be hacked, but it happens all the time.

When all else fails, present the worst-case scenario as a realistic possibility for the company. Be sure to explain more than the financial impact.

For instance, stolen data compromises the privacy and security of all customers in your company’s database, which means a class action lawsuit is a possibility. A class action lawsuit is expensive and time-consuming.

Make sure the decision makers understand that a class action suit can be brought against the company, even when no court has made a judgment or determined any wrongdoing. A solid example to demonstrate the exhaustion of a class action suit is the data breach Target (News - Alert) announced on December 19, 2013.

After the district court approved a $10 million settlement, in 2017, the class action suit was derailed on appeal by the Eighth Circuit Court of Appeals. In 2018, the settlement was officially approved once more, demonstrating the exhausting, lengthy process of class action suits.

4. Be extremely patient yet persistent

It’s difficult when you have to get approval from someone with a limited or incorrect understanding of data security. For example, say your CEO purchased a data encryption product because someone told them company data should be encrypted. They probably didn’t know what they were buying, and don’t understand data encryption well enough to identify the product’s limitations.

In their world, they bought an encryption service, and that should be enough. When you approach them about the necessity of spending more money on encryption, they’ll be at odds with the idea before you get a chance to explain.

For example, many businesses use Microsoft (News - Alert) 365, which comes with data security features, but falls short for certain requirements. Native security features aren’t always enough to meet privacy, regulatory, and data residency requirements. When add-ons are available, they’re often more difficult to use.

You may have a better solution, but it will take some skill to convince other people. You’ve got to be skillful enough to educate them without making them feel wrong.

5. Tell the decision maker how your plan will benefit them

Depending on who you need approval from, tailor your presentation so it addresses their specific needs and concerns. Find out how a data breach will directly affect that person’s job and department, and present that information.

Plan your presentation carefully

No matter who you need approval from, plan your presentation so you convey the right information to the right people. If you have to get approval from the head of HR, you may not need to present your request beyond a basic outline.

Remember that people aren’t only convinced by dollar amounts. Proper data security saves money theoretically by preventing lawsuits, but it also makes customers feel safe. Be sure to present all the benefits that will appeal to the person making the decision.



» More TMCnet Feature Articles
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE

LATEST TMCNET ARTICLES

» More TMCnet Feature Articles