To truly comply with the new General Data Protection Regulation (GDPR) rules, an organisation must be able to see into ALL of its data. This supports a holistic approach, with processes adopted across all industries, geographies and business units, and provides a clear strategy on access and classification. Organisations need to know where personal data is stored and in what form it is found, and to keep track of who is authorised to access it. This can be difficult given today’s fragmented computer systems and networks.
In simplistic terms, the best place to start is the process that supports current Subject Access Requests, as these are the foundation for a GDPR request. The following activities need to be captured:
1 Understand the Subject Access Request process
2 Identify all of your data sources and target data that should be cleansed
3 Review the available tools and methods to search the data sources and highlight the gaps where they are lacking
4 Identify the correct platform to load the information for review and ensure it can give comfort that the data cannot be changed, chain of custody can be assured and an audit of the requests can be recorded
5 Can you do it within the time limits of the GDPR?
Remember data is digital, so keep it digital from start to finish.
If you don’t know what data you hold, you can’t comply. Organisations hold vast quantities of data that they do not need or understand. The recent Veritas Databerg Report found that 85% is “dark” data, or ROT (redundant, obsolete, or trivial). Findings from Veritas’ Data Genomics Index highlighted that 41% has not been touched in three years and that data is expanding at an alarming 39% a year, with very little insight. Such rapid growth also increases the risk of security breaches, poor productivity, reduced customer satisfaction and escalating storage costs. According to the State of Information Governance 2016 Report, 94% of organisations have a formal information governance programme in place or in planning, but only 40% are high performers when it comes to being effective with an information governance culture within the organisation and its employees.
Benefits of Compliance
Compliance requires significant investment, but this can be offset to a significant degree:
1 Align processes and tools to encourage and monitor good employee behaviour
2 Realise operational efficiencies, which will be a big focus for departments including IT, marketing and HR.
3 Enable companies to build a digitised future – they can turn data into a business asset, reduce risk and eliminate redundant data that clogs their information systems.
The new rules can be a vehicle for reform.
Conforming to the new rules means regaining control of data and tuning business processes for better efficiency and effectiveness. It enables a holistic approach that solves the common problem of too much data and too little information. Risk and costs are reduced while improvements are made in business agility, innovation and IT security. You also protect your brand integrity, demonstrating to customers that you value them and respect their privacy. GDPR is a huge opportunity to build a successful digital business.
Find out how to ensure that your company is fully prepared for the implementation of GDPR by attending the GDPR Conference Europe, designed to help businesses prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at www.gdprconference.eu