Marsh Says Firms Should Insure For GDPR

22 Jun 2017 | 09.29 am

Latest warning about new EU data protection law

Firms should treat the arrival of the EU’s GDPR data protection framework next year as an opportunity to establish a competitive advantage, rather than focus on the costs and disruption involved in its implementation, according to a report by insurance and risk company Marsh.

The EU’s new data protection framework, the General Data Protection Regulation, comes into effect in less than a year, and Marsh says firms should focus on developing their cybersecurity and information management systems around its requirements.

Marsh’s cyber risk leader Peter Johnson said: “Rather than regarding compliance with the GDPR to be a costly and disruptive undertaking, Irish firms should see it as an opportunity. These organisations can improve how they safeguard personal information, boost their understanding of how data can add value to their business, and forge a new relationship with clients, based on enhanced transparency and security, that can further build trust.”

In preparation for the most significant change to the EU’s data protection laws in over 20 years, firms need to review their procedures for managing personal data. In addition, Marsh recommends that firms should re-examine their insurance arrangements to ensure that any indemnity limits will cover the costs associated with investigations and breaches under the GDPR.

The report states: “For too long, many organisations have captured swathes of data without proper protocols surrounding its processing, storage, and sharing or any real understanding of its relevance and value to their business. While developments such as the GDPR will require time and money, the value to be derived from gaining customers’ trust and improved data management could be market-leading and may go some way to offsetting this.”

The GDPR includes provisions which will also ensure better cybersecurity. With global cybercrime costing around $450 billion last year, the GDPR’s requirements should go some way towards reducing this, says the report, by enhancing cybersecurity levels and therefore reducing the potential for data loss, operational disruption, physical damage, and also reputational and brand damage.

With trust between business and consumers at a low point due to doubts and concerns about how personal data gathered by companies is used, the new regulation will also help renew trust, says the report, as it aims to provide EU citizens with greater control over the use of their personal data.

“Central to this is consent. The threshold for consent under the GDPR is higher than under the existing legislation. To meet the new consent requirements, consent needs to be freely given, specific, informed, unambiguous, and businesses must be able to demonstrate these elements when relying on consent for processing.

“Where an organisation relies on consent to process an individual’s personal data, the individual will have the right to withdraw that consent at any time, together with a right to obtain and port their personal data for their own purposes across different service providers and an enhanced right of erasure (the right to be forgotten) should they wish it.”
