The countdown to GDPR continues in the business world, with applicable businesses having to ensure compliance no later than May 25, 2018. The GDPR, as if we needed reminding, is not something businesses can afford to take lightly. There is no ‘easing in’ period, and organisations must be fully compliant from day one.
The penalties for failing to fully comply with the GDPR are extensive, and well publicised, with businesses who are found to have transgressed the regulations facing fines of up to 2-4% of their annual turnover.
With the stakes so high, a single violation could spell serious trouble for your business. Even if you can afford a fine of 2-4% of your turnover, the reputational damage from a serious data breach could itself prove fatal.
While all this can seem frightening, it is also an opportunity to put processes in place that will secure the data at your disposal, and potentially make your business more agile.
Perhaps the most important measure a business can take to ensure GDPR compliance is implementing a data governance strategy. Effective data governance can inform business decision making and increase revenue streams by harnessing company data, as well as improving data security and guarding against potential regulatory fines.
There are two crucial elements to a sound data governance strategy, and to ensuring GDPR compliance: Responsibility and Accountability.
Responsibility is key in data governance, and the best way to ensure responsibility is to employ someone to be responsible for your data. Assign a chief data officer or a dedicated data protection officer, and task them with overseeing and implementing the processes and strategies necessary to ensure the protection and security of your data.
The individual assigned to this role should be respected throughout the business, including at upper management level. Your new chief data officer should also be experienced in their field and confident enough to lead and manage others. Ideally, a Data Governance Council should be created, with each department in the organisation represented in some form. To ensure that data is governed securely and effectively throughout the company, the Council should meet regularly to discuss the day-to-day management of data, and to raise any concerns or issues their respective departments might be facing.
In March of this year, Steve Wood, Head of International Strategy & Intelligence at the ICO, gave a keynote speech at the IAPP’s Data Protection Intensive in London. Wood revealed that, following the implementation of the GDPR, “the ICO’s main focuses will be on transparency, control and accountability”. He elaborated further, offering valuable advice to businesses concerned about falling foul of the upcoming GDPR, stating:
“If we come knocking on the door, if we investigate or conduct an audit in an organization, the best way you can demonstrate to us that we won’t need to delve deeper and you’ve got covered all the compliance issues is to have a comprehensive accountability program.”
To follow Wood’s expert advice and to ensure data accountability in your organisation, business owners and C-suite level executives must empower their data stewards to be accountable for the data at their disposal. Ultimately, data governance must be treated as a priority of the entire organisation for it to be implemented effectively. If this is carried out successfully, organisations will ensure their data is accessible, accurate, trustworthy and, crucially, secure and GDPR compliant.