Big data is fast becoming the driving force behind many business strategies today. However, given that most sectors are purely based on personal data, nearly every company will be impacted by the General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018.
The regulation will significantly change and update the data protection rules in the UK, making it vital that organisations understand and comply with the new rules – not least because the penalties for non-compliance top €20 million or 4% of global turnover (whichever is higher). That said, those who embrace the legislation and seek to drive efficiencies will be richly rewarded.
Designed to safeguard personal information, the GDPR lays out essential requirements that all businesses handling personal data on EU citizens must adhere to. For example, every individual must give explicit consent for their personal data to be collected and used and they must understand how their information will be used. In addition, all personal data must be destroyed after a prescribed period of time.
With this in mind, it would be easy to believe everything related to GDPR compliance can be dealt with by an organisation’s legal team. But the GDPR is not just about database or IT security – it’s about change management.
Anyone handling personal data has a responsibility. As a result, everyone should now be assessing what personal data they capture, how it is collected and used, where it is stored, and what needs to be cleansed. While this can seem overwhelming, with the right foresight and tools, achieving compliance is not only achievable but hugely beneficial company-wide. And it starts with organisations putting data management at the heart of their GDPR preparation.
No excuses for not knowing
Any data management process requires organisations to know precisely what data they have. What the GDPR forces organisations to consider, however, is where they hold every single piece of personal data. Should an organisation suffer a breach, “not knowing” that it has unseen data or inconsistencies in the treatment of data is not a permissible excuse. Taken in this context, the issue of the personal data that all employees in an organisation hold becomes far more complex. The ability to quickly pull data from various sources into one place, and understand it, is giving professionals more power over their operations than ever before.
Visualisation technology – or dashboards – is fast becoming the tool for planning and preparing for the change the GDPR will bring. Here are five ways it can help:
Consent
Under the GDPR, there are stricter requirements for consent. Data must be clearly distinguishable, easily accessible, and capable of being withdrawn. Separate consent must also be sought for other processing activities. Using a dashboard can help organisations examine their data processing procedures and assess whether existing consent will still be valid under the GDPR.
Data Portability
Under the GDPR, organisations must provide individuals with the ability to obtain and reuse the data they hold on them across different services. Dashboard solutions allow businesses to easily segment and recall data in a consistent format.
Data security
A key benefit to undertaking a thorough data discovery and management exercise in preparation for the GDPR is the additional security this will bring to an organisation, such as finding ‘hidden’ data and enabling businesses to ensure all sensitive or confidential data is appropriately segmented and subject to correct security procedures.
Data sharing
The ability to rapidly and consistently handle requests for information from individuals is crucial for compliance. Addressing this manually is time consuming and costly. By implementing visualisation technology, this task will not disrupt day-to-day business, and organisations will also be ready for the exponential increase in requests for data.
The right to be forgotten
Under the GDPR, if an individual asks you to ‘forget’ them, organisations are obliged to delete any personal data relating to them where there is no legal reason for its continued existence. This can extend to the sharing of this data with third parties. Putting in place a process that will enable organisations to rapidly pinpoint and remove this data eradicates a traditionally tedious manual exercise and becomes low-impact to the business.
Of course, these are just the first steps in an ongoing process, but they are crucial for any business that wants to get compliance right the first time. After all, understanding the type of data that will be affected under the GDPR is one thing. Having to search for where that data is held is another entirely and, without the right tools, one which is almost impossible – and one which becomes a company-wide problem.
By Robert Dagge, Managing Director, Dynistics