The world of personal data is no longer a lawless town in the Wild, Wild West. There’s a new sheriff patrolling the streets and cracking down on how companies handle their subjects’ data.
These changes are necessary to safeguard the future of digital privacy, but businesses small and large are faced with regulations they’re not equipped to enact and questions they’re not prepared to answer.
Can I become GDPR compliant without having to completely reconfigure my business?
GDPR: The Basics
On a very high level, the General Data Protection Regulation (GDPR) governs whose data you can hold, how it’s stored, and what has to happen in case of a breach. The subjects, which is to say the persons whom the data are about, now have the right to know exactly what data a company holds and to know what that information is used for.
The GDPR has been a long time in the works. For years, it existed as a directive, but on May 25, 2018, the regulation will officially come into effect. If you’re interested in the details, read here about the key differences between the directive and the regulation, or see the full document.
Here are some key points of the GDPR:
- it applies to any organization that processes the data of subjects residing in the EU, not just companies based in member states;
- a subject must give unambiguous consent to allow the use of their data, and provide specific opt-in consent in special cases;
- if requested, an organization must be able to provide a machine-readable copy of the data at no cost to the subject;
- any data breach that could result in a risk to the rights and freedoms of individuals must be reported within 72 hours;
- subjects have the right to be forgotten if they withdraw their consent, if the data are no longer necessary, or if the legal retention period has expired, to name a few conditions.
Regardless of a company’s support for these regulations, complying with them can present some practical difficulties, and a staggering 60% of businesses say they’re unready for the GDPR.
In an era of data breaches like those at Uber and Equifax, and shady data harvesting by Cambridge Analytica, regulations governing the security of personal information seem like a giant leap in the right direction (albeit one that’s catching up instead of blazing a trail). That said, as a business owner suddenly faced with major changes to your digital infrastructure, every article and clause in the GDPR can seem like another coin out of your pocket.
Changes in technological best practices can feel like the rug being yanked out from under your feet. But whether it’s establishing an online presence in the early 90s or deciding to wire your building for electricity decades prior, having the agility to evolve with these changes has always been good business.
Even without considering the enormous potential fines associated with not becoming GDPR-compliant, the greatest threat to your business could be keeping your head in the sand.
The perceived costs of complying with the GDPR may be high, but non-compliance is likely costing more than most companies realize.
During an Enterprise Data Governance Online webinar, Castlebridge MD Daragh O Brien said, “all the things GDPR asks you to do are simply good information management practices … they simply require you to stop, think, and implement appropriate means of governance.”
“Countless studies have found that the cost of poor-quality data in the average organization ranges between 10% and 30% of turnover as information needs to be checked, rechecked, and corrected before it can be used.”
Daragh O Brien
O Brien also notes that there is a missed opportunity cost in not getting your data in order, citing findings by Cisco which show that organizations with up-to-date privacy practices are reducing delays in their sales cycle nearly five-fold.
Privacy In Public
With the Cambridge Analytica scandal as only the most recent headline regarding digital ethics, issues of data privacy and security have been thrust into the media spotlight. Never before has the public been more acutely sensitive to how their data is handled and who handles it.
From within your organization, the transparency that comes with GDPR compliance means a boost in confidence in your own data.
From an outside perspective, a heightened focus on data security means a boost in customer confidence in your company.
Managing data safely and responsibly is a necessary step for every business. It may consume time and money, but it is a problem that needs a solution.
Clinging to improper data management practices is like living in a messy house: nothing’s where it’s supposed to be and everyone can see your dirty laundry.
What does it all mean?
Love them or hate them, regulations like the GDPR are necessary. Enforcing them requires measures of security and standardization, but once they are established, companies will start to see the immediate benefit that standard data governance provides. It is an eat-or-be-eaten moment for most organizations, and the ones that can effectively manage their data will set themselves apart from the pack. Ultimately data is a resource, and as with any resource, finding ways to unlock its potential drives a lot of value.
Rather than repeat the tired ‘data is the new oil’ maxim, let’s say data is nuclear.
Ungoverned or in the wrong hands it can be incredibly dangerous. In the right hands, and even with good intentions, it can still be easily mismanaged. But careful regulation paired with responsible handling and disposal means that those who are doing things correctly can generate incredible power.
Businesses that can’t adapt to the GDPR (or its eventual analog in a different jurisdiction) are going to be left in the dust.
IAPP says you need “a technology to integrate full content of all data sets, structured and unstructured, establish relationships between the data sets, annotate it with metadata and make it instantaneously searchable.”
Forbes knows, “problems of this scale require technical solutions that can still be capably wielded by individuals for use every day…validating changes, monitoring configurations and remediating any errors or unplanned shifts swiftly.”
You need data that’s readable, reliable, and stored securely. You need to monitor, update, and track changes to the data. If requested, you need to quickly and economically produce any data you have on a subject.
It’s not easy to come up with a data management solution that ticks all these boxes — we know because we’ve done it.
For companies running on legacy software, these requirements can seem prohibitively difficult to stomach, but even modern businesses are facing big hurdles. Most are not equipped (nor eager) to create an in-house system that can modify, standardize, and transport their data on the fly. Forget developing a robust role-based mechanism for distributing data throughout your organization; companies are still emailing Excel files from one floor to the next. This isn’t just inefficient, it’s dangerous. If data will be integral to a company’s continued success, finding a solution to these outdated ways of doing business is a real and present concern. Unless agile data management has been a core function of your organization, you’ll need a solution that meshes with your existing framework.
Being able to build, manage, and connect to data is the reason we built Namara. As a company, we are proud to work with organizations that know data management is key to their success. From listening to their needs and observing the changes in best practices for business, we have been in the unique position to develop a product that handles a variety of data, standardizes data assets no matter where they’re coming from, and updates on the fly, streamlining every aspect of the data pipeline from generation to use, reuse, and deprecation. Configuring that product to patch into any company’s existing framework, in their own instance and in their own cloud, is just good security. Ultimately, it’s been our mission to do all the not-so-fun things involved with data so that businesses can get back to business as usual.
No matter where it’s coming from, we strive to handle data in the most responsible way possible and to make it easy for our clients to do the same. Namara as a data management solution is a big step toward GDPR compliance.
Here are a few results we can expect in the coming months and years:
- increased public trust as a result of transparency and security;
- higher standards that lead to better and more effective data practices; and
- a better foundation on which companies can develop the open data landscape.
Even if you sit outside the scope of the GDPR, could it really be that long until similar policies impact businesses everywhere? New York has already rolled out the NYDFS Cybersecurity Regulation and as the benefits of the GDPR start to unfold, similar practices will crop up elsewhere.
How big of a competitive advantage is saying that you’re ahead of the game when it comes to data protection?
How many new opportunities will arise while the competition is catching up?
For every forward-thinking business, solving for data now means getting ahead of tomorrow’s problem.
Originally published at https://blog.thinkdataworks.com.