Most risk managers at the IRM’s Big Debate event in London this July had started their GDPR projects. But from a show of hands, few considered the General Data Protection Regulation an opportunity to improve risk management processes.

Julia Graham, deputy CEO and technical director at Airmic, told delegates that they should be doing just that.

For example, under GDPR companies must document what personal data they hold. They must know where it came from and with whom it’s shared. If companies share inaccurate data, they need to correct it with their data partners.

Organisations must demonstrate their accountability. That means having a firm grip on their data and its underlying processes.

Sound like a drag? It will be. But understanding what data the business owns and how it is used and shared could be a huge benefit. With such knowledge, exploiting data through advanced analytics techniques is possible. And with only about 1% of organisations in that position today, complying with GDPR could bring competitive advantage.