The Commercial Context of Privacy Compliance Posted by John on 20 January 2017

The Commercial Context

Throughout our training courses, we assess how the processing of personal data by organisations, for their legitimate, commercial purposes, is the key focus of Data Protection legislation. This focus will become ever-more intense when the General Data Protection Regulation (GDPR) becomes law on May 25th 2018.

In the same way that a company's efficient, creative use of data can enhance their reputation and engender customer loyalty and market share, it is constantly evident how poor data management can damage a hard-won market position, tarnish an organisation’s brand and reputation, and cause irreparable impact on the credibility and performance of companies as well as their senior executives.

Throughout, one must assess three essential perspectives regarding the management and processing of personal data:

1. The Personal Perspective 
2. The Professional Perspective 
3. The Commercial Perspective

1. The Personal Perspective 

At an individual level, we get to ask, among other things: 

2. The Professional Perspective 

Managers and executive decision-makers within organisations must pose the following or similar questions throughout the data life cycle; i.e. the period during which personal data is held and processed by their organisation:


3. The Commercial Perspective 

The ultimate entity responsible for compliance under the Data Protection legislation is the data controller, the individual organisation responsible for the acquisition, retention, use and destruction of the data. As a whole, the staff, senior management and executive or the organisation must constantly ask:

During the coming months, as the run-in to the GDPR entering into law picks up speed, we will see increasingly complex challenges posed by the new legislation for controllers and processors alike who are looking to strike a balance between these three factors in any data processing activity. There are interesting times ahead!