While the GDPR deadline was back in May 2018, it has become clear that GDPR compliance certainly wasn’t a one-time investment project and remaining complaint in 2019 and beyond needs continued investment. This investment is likely to be substantial with The Ministry of Justice estimating that the cost of GDPR compliance to UK business could be as high as £2.1 billion over fourteen years .
Organisations in the UK have woken up to the fact that to achieve continued compliance, they must adopt a new way of life; after all, the risks of failing to be compliant are substantial. However, many are also wising up to the fact that investment in GDPR could benefit their business in a variety of ways.
As we look to the year ahead, businesses must continue to assess their GDPR strategy, paying particular attention to these five key areas:
1. Manual data governance and privacy
Data governance requires organisations to do several things – understand the regulation, make organisational changes, such as appointing a Data Protection Officer, modify business practices and – above all – know what personal data is stored, who is using it, how and for what purposes. As manual tasks often have a greater risk of human error, it is vital organisations put the right processes in place to ensure they are performing these manual tasks effectively. Manual processes will only be sustainable if organisations accept them as a corporate “must do” and create a “privacy” mindset.
2. Automation technology
Investment in automation technology is vital to managing costs, improving quality and consistency and reacting quickly to opportunities, threats and challenges. The growing volume and variety of fast-moving data means that nobody is going to be able to keep track without automation. To know exactly where data comes from, how and why it’s used and where it goes, businesses must deploy technology that employs artificial intelligence (AI). Try as they might, businesses just won’t be able to achieve the same results through spreadsheets and word documents.
3. Data lineage
To get the most from GDPR compliance, businesses must get a better grasp of data lineage and what it means to their business. Real data lineage is an understanding of the reality of that data, its transformational nature, its associations and its lifecycle across the data estate and over time. Some people talk about data lineage as though it were no more than knowing how data moves from “A” to “B”. Real data lineage has business, application and technical perspectives. It understands data transformation, not just movement and associates data to business meaning and processes. It’s the critical knowledge base that data governance and mobile device management depend on.
4. Data quality
The process of identifying and culling data that was undertaken to become GDPR compliant initially should become an ongoing task as the quality of data and the ability to protect it is far more important than quantity. Organisations must identify what data is working for them and what data is working against them to reduce the amount of data it holds. The remaining data is then likely to be more valuable and of more use to the business and the risk from unused data is eliminated.
5. Gaining business value
In 2019, businesses should remind themselves of the added value GDPR compliance brings with it and look at how they can use this to their advantage. Organisations should look at the bigger picture and focus on the trust that can come from well governed data so that it can then create more confidence in its use while also mitigating risk. This includes the potential to reduce direct costs, create efficient audit processes, manage and track the information supply chain and use insights from data to drive business decisions.
For ongoing compliance, it is vital that organisations create processes that are robust enough to be followed in the long term. Fortunately, this can be achieved with the help of automation. Although the initial investment in this technology may be costly, businesses must look at the bigger picture and the potential for return on investment. While compliance required by law, organisations must begin to view it as an opportunity rather than a burden.
Gary Chitan, Head of Enterprise Data Intelligence Software at ASG Technologies.