The challenges of complying with the European Union’s new General Data Protection Regulation (GDPR) are clear: Every organisation serving customers in the EU — including organisations outside the EU that offer goods or services to individuals within it — will need to comply with the new data privacy rules by May 2018.
The clock is ticking, and failure to comply could trigger EU fines of €20 million or up to 4 percent of global annual revenue, whichever is higher. Yet in the face of such sweeping regulations, it’s time to think beyond compliance. Leading organisations will find new ways of managing data, away from the fragmented silos and governance created from disparate quick-win efforts. Instead, they’ll improve information governance overall to achieve better outcomes through analytics.
To be sure, timely compliance is a big, complex task. In reality, few organisations will be fully ready come May 2018. Among other things, they’ll need to identify the relevant personal data they already have, where they have that data stored, why they have it, and whether they truly need to keep that data around.
That may sound straightforward. But for any large, multinational organisation with multiple databases, diverse data types and geographically dispersed storage systems, GDPR compliance will likely be a challenging task.
Still, there are opportunities to be gained from this exercise, such as combining the same information governance required by GDPR with business analytics. This proactive approach will allow organisations to leverage actionable business insights on an enterprise scale.
Seen this way, your GDPR compliance will be but a first step toward a more dramatic digital transformation, leading to better business outcomes. The benefits of moving beyond GDPR compliance can include:
- Better outcomes: Instead of taking a “pure IT” approach to GDPR, activate IT as a strategic business enabler.
- Improved data integrity: As part of your GDPR compliance, you’ll need to be able to erase and correct customer data on demand. But what if you have content sprinkled through repositories relating to a single business record or event? Then simply deleting data in one location could easily break your systems elsewhere. Instead, mesh your data for a true leverage.
- Effective data leveraging: Once you’ve identified and managed customer data for GDPR compliance, you can use it for analytics, knowledge management, promoting customer transparency and trust, the creation of new strategies and more.
To get started leveraging GDPR compliance for analytic insights, you’ll first need to take decisive steps toward compliance. That means answering three important questions:
- What personal data do we already hold?
- Where is this data, both physically and logically?
- Why do we have this data? And do we still need it?
Next, manage the process. Don’t just wait for subject access requests (SARs) from your customers. Instead, be proactive. For example, get rid of the guff. Pruning your data now will make GDPR compliance easier later. Don’t think you have much data to delete? Think again. We believe conservatively that up to 40 percent of all data is nonessential.
Perhaps the most important thing you can do is to get started soon. With the EU’s May 2018 deadline for GDPR compliance getting closer by the day, your organisation cannot afford to wait. Be active and do it now.
Ready to accelerate your move to GDPR compliance and beyond? Visit us today at: dxc.technology/gdpr
This blog post is the second in a three-part series, “Accelerating GDPR Compliance”, that explores the implications of the European Union’s new General Data Protection Regulation. See part 1, Accelerating GDPR compliance. And check back soon to view the final post on this important and far-reaching topic.