GDPR: The Basics
On a very high level, the General Data Protection Regulation (GDPR) governs whose data you can hold, how it’s stored, and what has to happen in case of a breach. The subjects, which is to say the persons whom the data are about, now have the right to know exactly what data a company holds and to know what that information is used for.
The GDPR has been a long time in the works. For years, it existed as a directive, but on May 25, 2018, the regulation will officially come into effect. If you’re interested in the details, read here about the key differences between the directive and the regulation, or see the full document.
Here are some key points of the GDPR:
- it applies to any organization that processes the data of subjects residing in the EU, not just companies based in member states;
- a subject must give unambiguous consent to allow the use of their data, and provide specific opt-in consent in special cases;
- if requested, an organization must be able to provide a machine-readable copy of the data at no cost to the subject;
- any data breach that could result in a risk to the rights and freedoms of individuals must be reported within 72 hours;
- subjects have the right to be forgotten if they withdraw their consent, if the data are no longer necessary, or if the legal retention period has expired, to name a few conditions.
Regardless of a company's support for these regulations, complying with them can present some practical difficulties, and a staggering 60% of businesses say they're unready for the GDPR.
In an era of data breaches like those at Uber and Equifax, and shady data harvesting by Cambridge Analytica, regulations governing the security of personal information seem like a giant leap in the right direction (albeit one that’s catching up instead of blazing a trail). That said, as a business owner suddenly faced with major changes to your digital infrastructure, every article and clause in the GDPR can seem like another coin out of your pocket.
During an Enterprise Data Governance Online webinar, Castlebridge MD Daragh O Brien said, “all the things GDPR asks you to do are simply good information management practices ... they simply require you to stop, think, and implement appropriate means of governance.”
“Countless studies have found that the cost of poor-quality data in the average organization ranges between 10% and 30% of turnover as information needs to be checked, rechecked, and corrected before it can be used.”
Daragh O Brien
Privacy In Public
With the Cambridge Analytica scandal as only the most recent headline regarding digital ethics, issues of data privacy and security have been thrust into the media spotlight. Never before has the public been more acutely sensitive to how their data is handled and who handles it. From within your organization, the transparency that comes with GDPR compliance means a boost in confidence in your own data. From an outside perspective, a heightened focus on data security means a boost in customer confidence in your company.
Managing data safely and responsibly is a necessary step for every business. It may consume time and money, but it is a problem that needs a solution.
What does it all mean?
Love them or hate them, regulations like the GDPR are necessary. Enforcing them requires measures of security and standardization, but once they are established, companies will start to see the immediate benefit that standard data governance provides. It is an eat-or-be-eaten moment for most organizations, and the ones that can effectively manage their data will set themselves apart from the pack. Ultimately data is a resource, and as with any resource, finding ways to unlock its potential drives a lot of value.
Businesses that can't adapt to the GDPR (or its eventual analog in a different jurisdiction) are going to be left in the dust.
IAPP says you need “a technology to integrate full content of all data sets, structured and unstructured, establish relationships between the data sets, annotate it with metadata and make it instantaneously searchable.”
Forbes knows, “problems of this scale require technical solutions that can still be capably wielded by individuals for use every day...validating changes, monitoring configurations and remediating any errors or unplanned shifts swiftly.”
In summary, you need data that’s readable, reliable, and stored securely. You need to monitor, update, and track changes to the data. If requested, you need to quickly and economically produce any data you have on a subject.
It's not easy to come up with a data management solution that ticks all these boxes - we know because we've done it.
For companies running on legacy software, these requirements can seem prohibitively difficult to stomach, but even modern businesses are facing big hurdles. Most are not equipped (nor eager) to create an in-house system that can modify, standardize, and transport their data on the fly. Forget developing a robust role-based mechanism for distributing data throughout your organization; companies are still emailing Excel files from one floor to the next. This isn't just inefficient, it's dangerous. If data will be integral to a company's continued success, finding a solution to these outdated ways of doing business is a real and present concern. Unless agile data management has been a core function of your organization, you'll need a solution that meshes with your existing framework.
No matter where it's coming from, we strive to handle data in the most responsible way possible and to make it easy for our clients to do the same. Namara as a data management solution is a big step toward GDPR compliance.
Here are a few results we can expect in the coming months and years:
- increased public trust as a result of transparency and security;
- higher standards that lead to better and more effective data practices; and
- a better foundation on which companies can develop the open data landscape.
Even if you sit outside the scope of the GDPR, could it really be that long until similar policies impact businesses everywhere? New York has already rolled out the NYDFS Cybersecurity Regulation, and as the benefits of the GDPR start to unfold, similar practices will crop up elsewhere. How big of a competitive advantage is saying that you’re ahead of the game when it comes to data protection? How many new opportunities will arise while the competition is catching up? For every forward-thinking business, solving for data now means getting ahead of tomorrow's problem.