'Storm GDPR' compliance an opportunity for businesses, says RSM

21 June 2018 Consultancy.asia 3 min. read

Accounting, tax and advisory network RSM has likened the EU’s GDPR to a monster storm pounding regions across the globe, with the Asia Pacific among the locations hit. One month on and the clean-up is still ongoing.

‘Storm GDPR’ – or the EU’s General Data Protection Regulation – made landfall across the globe on the May 25th, 2018, and, in the words of the world’s sixth largest accounting, tax and advisory network RSM, ‘has spread chaos in its wake’. In the build-up to the implementation date, RSM surveyed over 750 middle-market businesses (those with revenues between $100 million and $1 billion in US terms) across the world to assess GDPR compliance preparations.

The consulting firm canvassed the companies on three specific question; where are you on the road to GDPR compliance, what would you expect to be your biggest hurdle for GDPR compliance, and where has your organisation performed a risk assessment? The responses, according to RSM, demonstrated that businesses globally were reacting to the regulation with apathy, confusion, and often panic, with wide concern for GDPR penalties.

As an illustration, less than one year out from the new personal data collection and storage laws coming into effect, barely half of European businesses surveyed had undertaken some form of privacy risk assessment, 71 percent of US businesses were still unsure if the GDPR applied to them, only a quarter of those in the Middle East and Africa had recognised the need to prepare for GDPR at all, and just 11 percent of Asia Pacific businesses had begun initiatives towards the GDPR compliance.'Storm GDPR' compliance an opportunity for businesses, says RSMPrior to the deadline, regional commentator Michael Shatter, RSM Australia’s National Director of Security and Privacy Services, said; “There has been little if no awareness of the GDPR amongst the middle market in Asia Pacific… Reaction and response to GDPR is only now receiving an increased level of attention. However, efforts and establishment of projects focusing on GDPR risks are not yet as widespread as we would expect given the reach and potential impact of the regulations.”

And, now, a month on from the deadline, RSM says: “GDPR has come into force with a bang. Like with any calamity of magnitude, there are those who saw it coming and were ignored and ridiculed. There were those who were presented with the facts of the GDPR regulation, but chose to put their heads in the sand, and there were those who recognised the danger and took steps to prepare for the worst. There were also many more who simply took notice too late, not fully appreciating the full impact of ‘Storm GDPR’.”

RSM, however, contends that although GDPR compliance may feel like a burden, the new regulations present businesses with an opportunity to reimagine their models for the digital age. Like a refreshed earth after a storm, the firm suggests that a new approach to data collation could have a ‘positive and cleansing effect on businesses and consumers alike’, with a targeted data approach replacing blanket methods offering businesses the potential for more meaningful customer engagements.

The consulting firm believes that the rewards of such a mind-shift while establishing greater GDPR compliance would be significant; reduced reputational risk, lower operational costs, and greater protection from cybercrime. Ultimately, it’s an opportunity for middle market businesses to regain trust and strengthen the way they and their customers interact with one another.