Greetings from Dublin!

I am on the road at the moment, and back in my hometown. I flew into Dublin from London where I was speaking at an event Tuesday to an audience of business leaders and influencers — not pure privacy folks. GDPR is still very much at the discovery-level for many, and what business leaders are keen to know is what the risks associated with the GDPR regime are and how this will impact their companies. Speaking to the GDPR, I was making the business case for the legitimacy of the DPO and data protection function as an integral and mainstay component of organizational strategy. The interest, I am pleased to say, was overwhelming and the Q&A went well beyond the allotted time.

Importantly, companies seem to be increasingly asking questions of how they are structured to oversee and manage their data assets. While interpreting the legal compliance complexity is key, business leaders are constantly looking at such matters from a revenue perspective (the cost of doing business) and how to articulate data overhaul into sustainable competitive advantage. Makes sense: If you can demonstrate business adjustment to add value, you’re on the home stretch. After all, business leaders are employed to figure that out. Those companies that are learning to maximize data value by effectively building, managing and evolving their data supply chains will most likely gain a lasting and meaningful competitive advantage.

What I found striking in talking with these leaders — some from fairly sizable organizations at that — is the perceived absence of awareness and understanding of GDPR issues despite the barrage of media exposure in recent years. A repeated question I received was why hasn’t the EU done more to promote and educate on the up-coming legislation. That’s a fair question. A part answer to that question is relatively simple: The EU comprises Member States. What have the individual Member States done to educate their businesses and citizens of the pending data protection reforms? The EU is not solely responsible for the communication of legislative change. This is a wider conversation. In areas of national competence, there is no shortage of government energy, in areas of EU competence … well, that is often a different matter.

Business leaders have some key challenges ahead. With so much data now available from multiple sources, companies truly need to recognize and treat their data as a valued asset. Companies will need to learn to master both internal and external data supply chains as seamlessly as they do other business critical systems or distribution networks. The GDPR will bring cultural change to companies, and business leaders will be faced with tough decisions and possible trade-offs as they look to comply whilst maintaining competitive advantage through business enablement.

Arguably, those companies that look to build robust data protection frameworks into their organizations could well find themselves empowered to lead the next generations of apps, AI, and data-driven business for the foreseeable future. If there is one common denominator for all organizations, it’s probably the realization and acceptance of a digital duty for data care. The principle of demonstrating a culture of accountability and transparency with regard to data subjects and their data will become a core responsibility for organizations. I would suggest that this acknowledgment at the highest levels of management is a necessary step for the work ahead.

Today I will speak to another set of business leaders here in Dublin, and, as was the case in London, I am in hope that Irish business are here to confirm what they already know: Decisions for better data protection are strategic to continued success.