- 09.07.2018 01:15 pm
- 14.05.2018 12:30 pm
- 25.12.2017 09:00 am
The General Data Protection Regulation (GDPR) narrative may often be framed around security breaches, but this headline-grabbing angle perhaps overlooks the new legislation’s broader role as a catalyst to support the digital transformation agenda at many organisations.
With reforms to the handling of personal data having far reaching consequences and bringing a new legal framework to the UK, the EU and across the globe, the stakes are high. At 4% of annual global turnover, potential fines for non-compliance dwarf the usual regulatory penalties, and in turn present the very real prospect of extinction for businesses that do not get a handle on what is expected.
It’s why visionary organisations are embracing the challenge by looking beyond box-ticking compliance to capitalise on the opportunity to align legislative adherence to their broader digital strategy.
In essence, this heightened governance will demand much more when it comes to the processing of consumer data; greater responsibility, accountability and robust evidence of privacy controls, and for many this will mean a rethink of their entire ethos towards data protection. Now, with the compliance deadline looming, the need to review existing business processes and remedy any gaps intensifies. Experts predict that even the most digitally mature organisations could still be caught napping if they don’t make fundamental changes to their data infrastructure by May next year.
Ultimately, those that use this development as an impetus for more innovative and ingrained digitalisation will be better placed to foster an organisational culture of continuous improvement to enrich their offering and stay competitive. This will be critical to serve customers whose growing power is cemented by the new legislation. Now, with greater control over their data - including the right to request its deletion if there’s no compelling reason for an organisation to carry on processing it - customers have much higher expectations as to how their data should be used. As well as enhanced transparency and protection around personal information, a more value-driven data exchange fuelled by innovation has increasingly become the norm in this relationship – be they business or private individuals, or partners in the broader supply chain.
Furthermore, with the success of the reforms resting on the extent to which consumers buy into the increased sharing of their personal data - albeit in new and controlled ways - the onus is on businesses to drive their buy in. Yet while consumer trust is paramount, it remains elusive, borne out by the most recent ICO survey which found that 75% of adults in the UK don’t trust businesses with their personal data.
Overcoming an inherent suspicion means that all core processes must be underpinned by accountability, accuracy and transparency, with a demonstrable understanding from the business of the risks that it creates for others and how these can be mitigated.
As a result, savvy organisations are turning to the solutions which help them negotiate this delicate balance between consumer data analysis, data governance and privacy protection, without the need for compromise. It calls for the kind of astute data management which provides an up to date and single view of the customer with accessible reporting dashboards, while meeting the heightened security and privacy demands as their personal financial information is shared more broadly with a range of third parties.
Built in governance features to control business process content become a critical component for auditors who require a 360-degree review of activity. With greater visibility and control of operations, business processes can be consolidated and standardised to ensure best practice and absorb the new regulatory framework for GDPR, adhere to new policies and ensure demonstrable compliance, all while driving a culture of continuous improvements and added value.
Other technologies/solutions aiming to drive greater collaboration internally will also reap dividends, as teams are equipped to define, simplify, share and change their processes in minutes, not days, leave feedback and approve changes. The result is that major operational changes around digital transformation can be communicated to the entire organisation in a way that minimises business disruption, reducing inefficiency and risk.
Furthermore, this technology plays a central role in data management and process change education for employees - steering them through the quagmire of user rights around consumer data, personal and financial information. As we prepare for the seismic shift that GDPR represents, establishing a deep understanding across an organisation is vital to facilitate the effective responses to areas of deficiency identified and actions to address them, including evidential, demonstrable progress to the regulator, when requested.
For savvy organisations GDPR can therefore unite the digitalisation and compliance agendas, driving initiatives of mutual benefit for both the Chief Digital Officer and Chief Data Officer, the organisation and ultimately the consumer.