Written by Sonya Stephens on 7 July 2018

All problems need a solution and all gaps need to be filled… or do they? As a person that likes to solve problems and fix things, this used to be my belief for a long time.

We hear the mantra – for every problem there is a solution. But sometimes the solution is simply to accept the problem – don’t try and change it, don’t fix it, don’t fiddle with it, just accept it. I can sense a few hairs standing up in the neck of the ‘previous-belief-me’ fixers.

Here is what I believe now – time and resources are scarce and as such need to be allocated wisely. Cost-benefit, cost-benefit, cost-benefit analysis is imperative (yes, I know I wrote it three times, that’s how important it is!).
It is also important to note that ‘cost’ is more than just money. It includes the implications or consequences of accepting the problem for the short and long term (no, you can’t leave it for the next generation to deal with where consequences will only happen years into the future – critical problems still need solutions sooner rather than later, definitely).

Don’t get me wrong – I’m not talking about problems that are illegal or result in compliance gaps – there is a cost to compliance and something we just need to do. It’s the cost of running a business.

Let’s use the much-loved (said tongue-in-cheek) General Data Protection Regulation (GDPR) as an example. There were obviously compliance gaps that needed to be filled but this could also be used (and still can) as an opportunity to identify other business operational issues that could be fixed or, at least, consciously accepted. Here are some examples of what I mean:

  • Mailing lists:

Oh boy, did I smile at all the consent emails I personally received! It was both email overload and email decluttering at its best. Email overload for the ‘please please opt-in’ request and then email decluttering where I didn’t (in most cased at least). From my perspective this is a win-win. Some emails I never read in the first place therefor it was pointless to include me in these. Where I did have an interest, I naturally selected to opt-in to continue to receive the emails.

What is the relevant business operational issue the GDPR help highlight and resolve? Low return on investment from email marketing campaigns.

Over and above compliance – does the issue need fixing? – Considering cost vs benefits, I believe it does. Sending emails to people that don’t want it is counterproductive as it most likely pushes them away rather than attract them to your business. From a business perspective the GDPR gave the opportunity to truly determine who is engaged and will respond to your email marketing efforts – quality over quantity.

PS – if you have an existing contract and your emails relate to fulfilling this contract, the lawful basis of processing may be Article 6(1)(b) – Contract rather than Article 6(1)(a) – Consent.

  • Data storage

“Now where did I store that again?” “I need to work offline – shall I store a local copy?” “Which version is the latest one again?” I am pretty sure I am not the only one that have asked these types of questions.

The GDPR require us to always know (Article 30 – Records of Processing Activity):

What personal data
– of Who
– is stored Where,
– understand Why we need it,
– until When we need it and
– explain How we share and protect it.

With all the unstructured data we have on our systems, this could be a daunting task. The owner of this personal data (data subject) has rights and we need to inform them of this. From an ongoing compliance perspective processes need to be implemented to operationally document and manage this. It will be very easy to fall back into the old habits if these processes are not embedded and monitored.

What’s the relevant operational business issue the GDPR help highlight and resolve? Lower productivity and increased cost of data storage (storing more than necessary).

Does the issue need fixing? Considering cost vs benefit, I believe this one needs fixing too. Avoiding the emotional stress and spending less time trying to find specific documents is well worth the upfront effort of categorising and mapping the data. If we store only what we need, we pay less when we pay for storage capacity.

  • Business Understanding

Documenting business processes isn’t a specific GDPR requirement, but this is helpful in identifying the handling of personal data. Do we keep track of what we do, need to do, and don’t need to do? Do we know who needs to do it, how, by when and why? Are we doing things only because the previous person did it but have no understanding of why?

If your business is running smoothly there is no issue to fix. If not, the relevant operational issue to address is – Loss of productivity due to inefficiencies in processes; Doing things better and smarter. This helps businesses to be more agile and save money in the long term.

To determine if this is a problem that need fixing, the scale of the issue need to be assessed. If significant – fix issue. If not that significant – accept the issue.

In summary – do all problems need to be fixed? The short answer is no BUT to determine which issues DO need to be fixed and which ones don’t, proper cost-benefit analysis needs to be done. And, legal compliance is part of the cost of running a business and when approached in the right way can create opportunities too.

If you enjoyed this blog and would like to see more, give it a like on social media.