A sideways look at the General Data Protection Regulation
Added Monday 09 October 2017
Author: Kate Tickner, Business Development & Marketing Director, Entity Group
Can the advent of the GDPR be viewed as an opportunity, rather than yet another regulatory burden? Kate Tickner, Business Development & Marketing Director at information management consultancy firm Entity Group, thinks it can.
The countdown to the new EU rules on data, as enshrined in the General Data Protection Regulation (GDPR), is well under way, with just 8 short months in which to comply before the May 25th 2018 deadline.
From the smallest microbusiness to the largest global corporation, anyone holding data on EU citizens and residents will have to sharpen up on the way they capture, retain, protect and erase data. The GDPR reflects advances in technology, so the definition of ‘personal data’ also includes online identifiers such as IP addresses where it is possible to use them to identify individuals.
The GDPR ushers in a much tougher regime on non-compliance and breaches, too, with most people already aware that the maximum fine for the most serious infringements will be up to 4% of annual global turnover or €20 million, whichever is greater.
At Entity Group we would never trivialise the challenges that organisations face in complying with the GDPR. However, we feel there’s also an upside.
Let me tell you more…
A more mature approach to data management
It’s hard to argue with the principles behind the GDPR. Many of the new requirements are part and parcel of good data governance. They are what any organisation should be doing to respect the individuals on whom they hold data (‘data subjects’) and to safeguard relationships with them.
Wouldn't any bona fide organisation want to have watertight processes in place to protect valuable and sensitive data? And why would anyone want to store obsolete data on individuals with whom they haven’t done business for some time?
The GDPR brings extra impetus to strengthening the management of data. We believe that if organisations embrace the principles of the GDPR as part of a holistic data strategy, rather than complying grudgingly, there are clear business benefits. Organisations have the opportunity to become truly customer/citizen/employee-centric, with all the advantages this brings, and to build a wealth of accurate, up-to-date business data.
Bridging the gap
Entity regards the disparity between the data that organisations have today and the data they need to have tomorrow as a ‘Data Delta’, a gap that must be bridged for survival in a digital world. GDPR compliance is just one example of a Data Delta – albeit a significant one!
We’ve boiled down the core principles on data management to just six:
- Data must be governed and owned
- There must be an agreed description of the data
- Data quality must be defined, measured and managed
- Principles of access need to be established, addressing each aspect of the data lifecycle, storage, privacy and security
- How data is used and shared needs to be agreed, as well as how systems are integrated
- The organisation needs to determine which data needs to be controlled, how and by whom, so that business applications can be successfully implemented
More information on the Data Delta is available in our previous article for The IT Insider.
Viewed through the lens of the GDPR, all these principles are relevant to compliance. Moreover, applying these principles in data management as a whole brings a huge advantage when it comes to achieving compliance with the requirements of any specific regulatory framework – not just the GDPR.