Yes, you could certainly view GDPR as merely being about compliance. But you could just as certainly view it as a basis for competitive advantage.
You see, most organizations, even in Canada, seem to want to do the bare minimum to be compliant. But what if you viewed GDPR compliance as a means of upping your competitiveness?
GDPR essentially concerns data privacy and data security. Expressed differently, it's actually more about protecting the rights of the data subject. Demonstrating that the rights of the data subject are appropriately protected could be a significant means to build trust with the relevant community.
In a competitive retail market, if the relevant community finds itself needing to choose between competitors, there’s a high likelihood that they would prefer to deal with someone they trust.
Trevor Young wrote an interesting article entitled “How to Build Trust as a Competitive Advantage” in IABC earlier this year, stating that “Trust is the currency in today’s socially connected world. … [T]rust needs to be earned, [but] earning trust … requires a whole-of-organization approach.”
In the same way, properly achieving GDPR compliance demands a “whole-of-organization” approach, as effectively implementing GDPR’s compliance requirements impacts the organization’s people, processes and its technology.
Imagine the potential of not merely seeing all this hard work as a means to achieve “invisible” compliance, but as a means to achieve very visible trust. Suddenly GDPR compliance becomes more like an investment with an ROI, rather than merely being a compliance cost. Food for thought...