TrustArc Blog

EU General Data Protection Regulation (GDPR) Series; Build Consensus

December 01, 2016


For organizations that operate globally, complying with the EU GDPR will likely require significant investment in personnel, process change, and new tools. In order to meet the compliance deadline, companies are actively preparing now. TRUSTe has developed a four-phase process to help guide you on the path to compliance. During November and December we will provide you with a series of tips to use along your path to compliance.

See Tip No. 2: When Developing a Plan, Consider Risk and Level of Effort

TIP NO. 3: Build Consensus for GDPR Compliance by Sharing the Business Case for Investing

See Tip No. 4: Build Consensus for GDPR Compliance by Executing an Awareness Campaign

Approach this process as you would any business requirements case: develop a narrative that shows the pros and cons of the investment. Use the key messaging strategies below to establish a compelling story for your GDPR Awareness Campaign. The following examples can be used to get started on making your case:

The GDPR Impacts our Company…Posing Threats and Opportunities

  • Make a list of organizational risks, fines & penalties, and regulatory trends
    • Be sure to include that GDPR non-compliance fines may reach up to 20,000,000 EUR or 4% of total worldwide annual turnover of the preceding year (whichever is higher)
  • Find examples of what non-compliance would do to your brand in terms of loss of goodwill and general brand damage
  • Show that companies using a strong privacy posture have a competitive advantage – or conversely, how not being GDPR compliant could put you at a competitive disadvantage with clients who expect GDPR compliance

Our Company Has Compliance Gaps That Require Remediation

  • Use your initial GDPR Readiness Assessment results with identified gaps and risks to show where remediation is needed
  • Illustrate gaps with internal history of privacy breaches, regulatory inquiries, or enforcement – either within your company or your industry

Our GDPR Compliance Program Will Require New Investments

  • Illustrate this point with benchmark reports / infographics depicting GDPR risk and action by competitors
  • Be specific – use results of your gap analysis. Include training, PIAs, and policy reviews / changes
  • Include a proposed project overview with timeline, methodology, and metrics

Next week we will provide tips on how to use the business case you’ve created to execute an awareness campaign within your organization, and further build consensus.

If you need support in securing organizational stakeholders’ buy-in, TRUSTe offers a GDPR Workshop, which is the last phase in our GDPR Priorities Assessment. Our expert privacy consultants will review your readiness assessment and plan on site, custom tailored to your organization’s needs. Contact us for more information.