For organizations that operate globally, complying with the EU GDPR will likely require significant investment in personnel, process change, and new tools. In order to meet the compliance deadline, companies are actively preparing now. TRUSTe has developed a four phase process to help guide you on the path to compliance. During November and December we will provide you with a series of tips to use along your path to compliance.
TIP NO. 3: Build Consensus for GDPR Compliance by sharing Business Case for Investing
Approach this process like building any business requirements case by developing a narrative that shows the pros and cons of this investment. You should use these key messaging strategies to establish a compelling story for your GDPR Awareness Campaign. The following examples can be used to get started on making your case:
The GDPR Impacts our Company…Posing Threats and Opportunities
- Make a list of organizational risks, fines & penalties, and regulatory trends
- Be sure to include that GDPR non-compliance fines may reach up to 20,000,000 EUR or 4% of total worldwide annual turnover of the preceding year, (whichever is higher)
- Find examples of what non-compliance would do to your brand in terms of loss of goodwill and general brand damage
- Show that companies using a strong privacy posture have a competitive advantage – or conversely, how not being GDPR compliant could put you at a competitive disadvantage with clients who expect GDPR compliance
Our Company Has Compliance Gaps That Require Remediation
- Use your initial GDPR Readiness Assessment results with identified gaps and risks to show where remediation is needed
- Illustrate gaps with internal history of privacy breaches, regulatory inquiries, or enforcement – either within your company or your industry
Our GDPR Compliance Program Will Require New Investments
- Illustrate this point with benchmark reports / infographics depicting GDPR risk and action by competitors
- Be specific – use results of your gap analysis. Include training, PIAs, and policy reviews / changes
- Include a proposed project overview with timeline, methodology, and metrics
Next week we will provide tips on how to use the business case you’ve created to execute an awareness campaign within your organization, and further build consensus.
If you need support in securing organizational stakeholders’ buy-in, TRUSTe offers a GDPR Workshop, which is the last phase in our GDPR Priorities Assessment. Our expert privacy consultants will review your readiness assessment and plan on site, custom tailored to your organization’s needs. Contact us for more information.