3 things to get you started on GDPR in a holistic way

Trust as an amplifier for new business sounds great, but unfortunately, the reverse is also true. We all know examples of trust erosion that has led to dramatic erosion of market valuation. And it’s for this reason we believe that it´s the “business model thinking” as opposed to “compliance only thinking” that will decide the digital successes and failures in the post GDPR era.

With this in the background, in the 12th addition of Cognizant’s Snapshot Breakfast, the speakers spoke about trust being the new currency for all businesses. Firms (both digital natives and traditional companies) are working on several interesting use cases to incorporate and gain trust from their consumers so that they can deliver more disruptive, more innovative, more efficient services, the promise of the digital economy.

However, there are several questions that organizations need to answer in order to build a strong response to the GDPR task. How is my line of business impacted? We have multiple channels, where do we start? What consents do we want from our consumers? What is the most optimal consent model? How do we link GDPR to our digital innovation? How do we bring legal, business and engineering perspectives together? What should be our GDPR budget? What architecture, technology and processes do I need? What is the minimal viable readiness we need to have before May 2018?

Here is a short to do list which can get you going. There are a few things you could start with right away:

1. First focus on understanding where and how GDPR impacts your business. This is a business assessment of how you interact with your consumers through various channels. What does the existing and future product or services look like? Do this for each of your channels through which your consumers meet, speak or interact with you. Do this with digital business hat on where you really want to understand and simulate how to deploy consent and consequently build trust into your services and interfaces.

2. Put your business interests on 4 key legal grounds – legal requirement, performance of contract, legitimate interest and ones which require consent. Try to assign purposes of collection of data against each of these legal grounds. This is the start point from where each data attribute is linked to a specific purpose. This is where you want your legal and DPO to sit with your business to draw up the initial list.

3. Do a quick gap analysis and impact assessment of your landscapeincluding process, technology, architecture and people. This will help you plan the roadmap with some estimation of budgets. GDPR is as much about intent and demonstrability as much as it is about actual hard wiring of privacy in the system.

We have woven the GDPR readiness and assessment accelerators to our digital business storyline. We have journey maps, potential consent structures and furthermore, the “regulation to requirement” framework which can help put a holistic GDPR assessment together along with practical smaller steps in order for you to build trustful relationship with your consumers, partners, investors, regulators and employees.

Do feel free to reach out in case you have any questions on the topic! In case you want to dive deeper and better understand and take the help of our jump starters, please consider opting for a workshop slot with us.

Abhishek Rishi
Director, Cognizant Business Consulting, Analytics and Information Management
E: abhishek.rishi@cognizant.com