DATA PROTECTION BY DESIGN: The Opportunity in the Obligation of GDPR Compliance
Data breaches and other data privacy concerns have become a common occurrence in today’s digital reality. When the CEO of the world’s largest social media platform finds himself in the spotlight answering questions about data privacy policies, and data privacy regulations are being instituted and revisited all over the world, it seems the time is right to focus on what happens with data about customers and trading partners.
The General Data Protection Regulation (GDPR) is at the forefront of data regulations, largely due to the May 25, 2018, compliance deadline that impacts any organization that controls or processes data relating to data subjects in the EU. One of the key challenges businesses will face regarding GDPR compliance is understanding how the regulations will affect them. A fundamental factor in how successfully businesses will fare in meeting GDPR and future data compliance requirements is the character and quality of the data they maintain about trading partners, and the ongoing practice of data management needed to access, evaluate, and report that information accurately.
The report “DATA PROTECTION BY DESIGN: The Opportunity in the Obligation of GDPR Compliance” (see below), prepared by Forbes Insights and commissioned by Pitney Bowes, provides excellent guidance on a data management approach organizations should consider for GDPR compliance. The benefits of a sound data strategy far exceed the scope of this particular compliance mandate: it also puts organizations in an advantageous position, demonstrating commitment to customers and repeatable agility in preparation for other regulatory changes that are coming down the pike or are being considered in various countries around the world.
Anthony Scriffignano, PhD, Dun & Bradstreet’s Chief Data Scientist, was interviewed for this report and provided three data-practice suggestions that firms can implement to address not only GDPR but also other data regulations they may face:
- One thing I would say is all your processes should be a closed loop. There should never be a “one and done.” There should be ongoing review. There should be ongoing reevaluation to make sure that when the environment changes, the response to that environment is changing in a commensurate way.
- The second thing is to be very careful if you have the wolves watching the henhouse. There needs to be separation between the organization that’s responsible for compliance and the one that’s responsible for [data] discovery, curation, and stewardship. You don’t want to be entirely self-evaluating. That doesn’t necessarily mean that you have to bring in auditors, but it means you should think about organizational allegiances and unintentional work at cross purposes.
- The third thing is you should occasionally get an outside opinion in some way. That might mean you bring in consultants, it might mean that people attend training and seminars, or [it might mean] that you have customer forums. But you’ve got to have that external voice.
Read the full “DATA PROTECTION BY DESIGN: The Opportunity in the Obligation of GDPR Compliance” report, which discusses how a good approach to data can help accelerate data regulatory compliance and pave the way for smooth implementation.