The final GDPR checks you mustn’t forget
We are now less than 24 hours away from the Europe's General Data Protection Regulation (GDPR) becoming enforceable on 25 May. And unless you’ve been living under a rock for the last two years, you don’t need me to tell you that this new regulation promises to put power back into the hands of consumers, giving them more control over how their data is used.
Yet with so little time left to become GDPR compliant, what are some of the final checks an organisation may want to consider? Here are some of the most prominent ones that I’ve been discussing with customers as we edge closer to that GDPR “start-line”.
Think about your data culture
As part of being GDPR compliant business leaders need to be asking themselves if a) they truly understand the personal data that sits within their organisation, and b) whether all employees really understand how to correctly handle it? If the answer to either of those questions is no, then immediate steps need to be taken. Not only is it critical to ensure any organisation is handling the personal data it holds in accordance with the new law, but it is paramount that all staff, from board level, through to juniors, understand the implications it has on them. This is where a strong culture of data education and data literacy needs to be driven along with a mentality that GDPR compliance is just the start of the journey rather than finish point for all businesses.
Get to know the role of your Chief Data Officer
GDPR is naturally pushing the role of Chief Data Officer (CDO) to centre stage but it’s important not to fall into trap that, with a CDO, everything is under control. And that’s because the job role of the CDO varies enormously. Some are focused on compliance, taking on the more specific role of Chief Data Protection Officer, while others may look more at the bigger picture, finding new business models and improving operational efficiencies. Having clearly defined job specs and responsibilities between the CDO, the CDPO and the wider IT team is critical.
Understand the importance of data governance
With roughly 25% of data breaches coming from inside an organisation, it is more important than ever before that businesses ensure only authorised personnel have access to the mission critical data needed for their role. This isn’t something that is achieved over night, it requires education, a strong and flexible data governance policy and an equally agile data analytics platform that can report and track everything and maybe even help to enforce it.
Ensure consent is effectively managed
It will be vital to track who has opted in and who has opted out of receiving marketing information. Clear visibility is needed across all marketing systems as any misalignment could be deemed as non-compliance. Sending out an unsolicited email to someone who has opted out, or worse not even opted in in the first place, could be a trigger for a complaint to a DPA / Supervisory Authority to investigate. Keeping a strong audit trail will help keep organisations on track and avoid any complaints.
Audit data retention policies
Do not keep any personal data any longer than is necessary. Business leaders must ensure their organisation’s data retention polices are up-to-date and well understood. Now is the time to get organised and continually enforce good auditing practices of files and records across all systems.
Responding to data privacy requests
GDPR essentially brings in enhanced rights to individuals – giving them a greater say in how their data in used and where it is stored. With 40% of consumers expected to make requests on exactly this, business leaders must have an action plan in place to ensure they are ready to respond and share all details within the timeframe outlined. Locating such potentially vast amounts of data could take a lot of time and resource which is why self-service portals that empower individuals to gain access to their own personal data will become key.
Adam Mayer, Technical Product Marketing, Qlik
SAS: Improving the British Army’s decision making with data
SAS’ long-standing relationship with the British Army is built on mutual respect and grounded by a reciprocal understanding of each others’ capabilities, strengths, and weaknesses. Roderick Crawford, VP and Country GM for SAS UKI, states that the company’s thorough grasp of the defence sector makes it an ideal partner for the Army as it undergoes its own digital transformation.
“Major General Jon Cole told us that he wanted to enable better, faster decision-making in order to improve operational efficiency,” he explains. Therefore, SAS’ task was to help the British Army realise the “significant potential” of data through the use of artificial intelligence (AI) to automate tasks and conduct complex analysis.
In 2020, the Army invested in the SAS ‘Viya platform’ as an overture to embarking on its new digital roadmap. The goal was to deliver a new way of working that enabled agility, flexibility, faster deployment, and reduced risk and cost: “SAS put a commercial framework in place to free the Army of limits in terms of their access to our tech capabilities.”
Doing so was important not just in terms of facilitating faster innovation but also, in Crawford’s words, to “connect the unconnected.” This means structuring data in a simultaneously secure and accessible manner for all skill levels, from analysts to data engineers and military commanders. The result is that analytics and decision-making that drives innovation and increases collaboration.
Crawford also highlights the importance of the SAS platform’s open nature, “General Cole was very clear that the Army wanted a way to work with other data and analytics tools such as Python. We allow them to do that, but with improved governance and faster delivery capabilities.”
SAS realises that collaboration is at the heart of a strong partnership and has been closely developing a long-term roadmap with the Army. “Although we're separate organisations, we come together to work effectively as one,” says Crawford. “Companies usually find it very easy to partner with SAS because we're a very open, honest, and people-based business by nature.”
With digital technology itself changing with great regularity, it’s safe to imagine that SAS’ own relationship with the Army will become even closer and more diverse. As SAS assists it in enhancing its operational readiness and providing its commanders with a secure view of key data points, Crawford is certain that the company will have a continually valuable role to play.
“As warfare moves into what we might call ‘the grey-zone’, the need to understand, decide, and act on complex information streams and diverse sources has never been more important. AI, computer vision and natural language processing are technologies that we hope to exploit over the next three to five years in conjunction with the Army.”
Fundamentally, data analytics is a tool for gaining valuable insights and expediting the delivery of outcomes. The goal of the two parties’ partnership, concludes Crawford, will be to reach the point where both access to data and decision-making can be performed qualitatively and in real-time.
“SAS is absolutely delighted to have this relationship with the British Army, and across the MOD. It’s a great privilege to be part of the armed forces covenant.”