Final GDPR checks

by Mark Rowe

On the eve of the European Union-wide General Data Protection Regulation (GDPR) becoming enforceable on May 25, unless you’ve been living under a rock for the last two years, you don’t need me to tell you that this new regulation promises to put power back into the hands of consumers, giving them more control over how their data is used, writes Adam Mayer, Technical Product Marketing, Qlik, a data analytics firm.

Yet with so little time left to become GDPR compliant, what are some of the final checks an organisation may want to consider? Here are some of the most prominent ones that I’ve been discussing with customers as we edge closer to that GDPR “start-line”.

Data culture

As part of being GDPR compliant, business leaders need to be asking themselves a) whether they truly understand the personal data that sits within their organisation, and b) whether all employees really understand how to handle it correctly. If the answer to either of those questions is no, then immediate steps need to be taken. Not only is it critical to ensure any organisation is handling the personal data it holds in accordance with the new law, but it is paramount that all staff, from board level through to juniors, understand the implications it has for them. This is where a strong culture of data education and data literacy needs to be driven, along with a mentality that GDPR compliance is just the start of the journey rather than the finish point for all businesses.

Get to know the role

GDPR is naturally pushing the role of Chief Data Officer (CDO) to centre stage, but it’s important not to fall into the trap of thinking that, with a CDO, everything is under control. That’s because the job role of the CDO varies enormously. Some are focused on compliance, taking on the more specific role of Chief Data Protection Officer (CDPO), while others may look more at the bigger picture, finding new business models and improving operational efficiencies. Having clearly defined job specs and responsibilities between the CDO, the CDPO and the wider IT team is critical.

Understand data governance

With roughly a quarter of data breaches coming from inside an organisation, it is more important than ever before that businesses ensure only authorised personnel have access to the mission-critical data needed for their role. This isn’t something that is achieved overnight. It requires education, a strong and flexible data governance policy and an equally agile data analytics platform that can report and track everything and maybe even help to enforce it.

Ensure consent

It will be vital to track who has opted in and who has opted out of receiving marketing information. Clear visibility is needed across all marketing systems, as any misalignment could be deemed non-compliance. Sending out an unsolicited email to someone who has opted out, or worse, never opted in in the first place, could be a trigger for a complaint to a DPA / Supervisory Authority to investigate. Keeping a strong audit trail will help keep organisations on track and avoid any complaints.

Audit data retention

Do not keep any personal data any longer than is necessary. Business leaders must ensure their organisation’s data retention policies are up-to-date and well understood. Now is the time to get organised and continually enforce good auditing practices of files and records across all systems.

Responding to data privacy requests

GDPR essentially brings in enhanced rights for individuals – giving them a greater say in how their data is used and where it is stored. With 40pc of consumers expected to make requests on exactly this, business leaders must have an action plan in place to ensure they are ready to respond and share all details within the timeframe outlined. Locating such potentially vast amounts of data could take a lot of time and resource, which is why self-service portals that empower individuals to gain access to their own personal data will become key.

© 2024 Professional Security Magazine. All rights reserved.