GDPR an opportunity for battered businesses to restore customer trust, argues IBM's Steve Norledge

IBM UK & Ireland GDPR lead Steve Norledge argues that organisations should see GDPR as an opportunity

The General Data Protection Regulation - which will be coming into force in less than 250 working days - should be considered an opportunity for businesses to rebuild customer trust in their willingness and desire to protect people's personal data.

That is the message of Steve Norledge, GDPR leader for IBM UK & Ireland - which could be stung with a fine of as much as $3.8bn under the new data protection regime if it suffers a data breach in the European Union.

It comes, of course, following years of rising data breaches in which ever-larger volumes of people's private data, including financial and personal, and even passwords, have been spilt.

But now, after organisations have (or should have) finished digesting the forthcoming new law and what they need to do to make sure that they are compliant, or have mitigated the risks, now comes the hard work, warned Norledge.

"By this stage have done the legal interpretation of GDPR. They read it and they've worked out how it will apply to their organisation, and they have probably updated privacy policies, and privacy notices.

"And, suddenly they face this yawning chasm - how you take that policy and transfer that into operational capability throughout the organisation. That's a big challenge. I think organisations are now wrestling with how they are going to make that leap," said Norledge.

Many companies, he admitted, wouldn't see the upside of yet another piece of regulation requiring both major reorganisation, as well as the threat of the big stick of significant fines. However, Norledge believes that it could help them to rebuild reputations following all the data breaches recently.

"The GDPR is good for us as individuals, it actually presents a real business opportunity that, I think, exists in two dimensions: brand value and efficiency value.

"The two of these things can deliver business value for the organisation.

"Brand value is about trust. Trust is a crucial dimension of what the Information Commissioner's Office (ICO) is trying to achieve because with their five-year plan that was published recently.

"In June last year, the ICO conducted a study of UK residents and discovered that some 75 per cent of us don't trust corporations to protect the privacy of their personal data. That's a staggering statistic.

"So, basically, your customers don't trust you. That's the harsh reality!" warned Norledge.