header photo

Nirvans Consulting

Business Project Consultants


Ready for GDPR? Business Proposal Strategies for European Data Protection Standards which are enforceable from May 2018

Many businesses are developing business proposals for European Union GDPR related changes. Read insights from our IT Content team focusing on Euro region and Data Governance.

General Data Protection Regulation (GDPR) is '..regulation to strengthen citizens' fundamental rights in the digital age...The Directive for the police and criminal justice sector protects citizens' fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. ... The Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018.' - for source and more information read the European Commission brief on EU data protection rules at this link

Irrespective of what your organization thinks of European Data Protection laws (unwieldy, clunky, hard to enforce, etc.) these laws are here to stay and if your company is selling to European citizens or has data on European citizens you need to manage this change and should be thinking about a comprehensive change management proposal for your Executive Committee. Nirvans Consulting recommends a three step process to socialise this message within your organisation and secure buy-in from critical business areas. Your business proposal for compliance with GDPR will need to cover 3 areas  -

The first area is review, revision and update of Data Governance and Data Protection of personal data in key organisational areas like - Marketing, Sales, CRM or Fulfillment. This includes direct data collection, any customer data copy kept for redundancy or department specific needs, and changes to enterprise data management processes. Remember your proposal needs to be holistic in nature and you need to cover both long term strategies (e.g. evolving standards), compliance (e.g. Data Protection Officer) and short term tactical fixes to derive maximum value (an example could be your proposed approach to de-identify datasets through inventory of historical data and update to existing data analytics assets).

The second area is business process changes around the entire customer lifecycle including impact to data collection procedures around Sales Leads Generation, Marketing and Customer onboarding (what to collect, what to retain and what to delete ). Good proposals clearly list the impacts, pros and cons of different approaches with clear tie to GDPR guidelines. A best practice is to include both - the bare-minimum 'must haves' to be 2018 Euro compliant, and scenarios and strategies to leverage investments for continued compliance with country-specific regulations.

The third portion of your business proposals would be financial impact assessment, the direct and indirect costs of GDPR compliance and any potential upside of more comprehensive data privacy and data protection standards. Examples include cost related to 'right to be forgotten' clauses and customer consent standards, or how demonstration of your leadership in Euro GDPR compliance sets you apart when marketing products or services.

Nirvans Consulting has in-house proposal consultants who are well versed with both GDPR proposal strategies and Data Governance bids in the European context. We also assist with analysis of Euro compliance costs. Our point of view is to see beyond the obvious and look at GDPR compliance and related metrics as an opportunity to gain competitive advantage. The time to act on your GDPR business proposals is NOW! To learn more or to seek assistance reach us at

Go Back