The final GDPR checks you mustn’t forget

By Adam Mayer
We are now less than 24hours away from the Europe'sGeneral Data Protection Regulation(GDPR) becoming enforceable on 25 May. And unless you’ve been liv...

We are now less than 24 hours away from the Europe's General Data Protection Regulation (GDPR) becoming enforceable on 25 May. And unless you’ve been living under a rock for the last two years, you don’t need me to tell you that this new regulation promises to put power back into the hands of consumers, giving them more control over how their data is used.

Yet with so little time left to become GDPR compliant, what are some of the final checks an organisation may want to consider? Here are some of the most prominent ones that I’ve been discussing with customers as we edge closer to that GDPR “start-line”.

Think about your data culture

As part of being GDPR compliant business leaders need to be asking themselves if a) they truly understand the personal data that sits within their organisation, and b) whether all employees really understand how to correctly handle it? If the answer to either of those questions is no, then immediate steps need to be taken. Not only is it critical to ensure any organisation is handling the personal data it holds in accordance with the new law, but it is paramount that all staff, from board level, through to juniors, understand the implications it has on them. This is where a strong culture of data education and data literacy needs to be driven along with a mentality that GDPR compliance is just the start of the journey rather than finish point for all businesses.

See also:

Get to know the role of your Chief Data Officer

GDPR is naturally pushing the role of Chief Data Officer (CDO) to centre stage but it’s important not to fall into trap that, with a CDO, everything is under control. And that’s because the job role of the CDO varies enormously. Some are focused on compliance, taking on the more specific role of Chief Data Protection Officer, while others may look more at the bigger picture, finding new business models and improving operational efficiencies. Having clearly defined job specs and responsibilities between the CDO, the CDPO and the wider IT team is critical.

Understand the importance of data governance

With roughly 25% of data breaches coming from inside an organisation, it is more important than ever before that businesses ensure only authorised personnel have access to the mission critical data needed for their role. This isn’t something that is achieved over night, it requires education, a strong and flexible data governance policy and an equally agile data analytics platform that can report and track everything and maybe even help to enforce it.

Ensure consent is effectively managed

It will be vital to track who has opted in and who has opted out of receiving marketing information. Clear visibility is needed across all marketing systems as any misalignment could be deemed as non-compliance. Sending out an unsolicited email to someone who has opted out, or worse not even opted in in the first place, could be a trigger for a complaint to a DPA / Supervisory Authority to investigate. Keeping a strong audit trail will help keep organisations on track and avoid any complaints.

Audit data retention policies

Do not keep any personal data any longer than is necessary. Business leaders must ensure their organisation’s data retention polices are up-to-date and well understood. Now is the time to get organised and continually enforce good auditing practices of files and records across all systems.

Responding to data privacy requests

GDPR essentially brings in enhanced rights to individuals – giving them a greater say in how their data in used and where it is stored. With 40% of consumers expected to make requests on exactly this, business leaders must have an action plan in place to ensure they are ready to respond and share all details within the timeframe outlined. Locating such potentially vast amounts of data could take a lot of time and resource which is why self-service portals that empower individuals to gain access to their own personal data will become key.

Adam Mayer, Technical Product Marketing, Qlik

Share

Featured Articles

Cloud & 5G - Day 1 highlights from the in-person stage

TECH LIVE LONDON returned to the Tobacco Dock last week. The stage host and Technology Magazine Editor in Chief, Alex Tuck, discusses the key themes

TECH LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at some of the highlights of our final day at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

TECH LIVE LONDON: Begins tomorrow at 10am!

Digital Transformation

Executive Q&A: Marc Lueck, CISO EMEA, Zscaler

Cloud & Cybersecurity

TECH LIVE LONDON: Registering, networking and logistics

Digital Transformation