A lot has been said about the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018. In the digital world, trust is invaluable, and customers, employees and all other parties will expect organizations to be responsible in using their data and in safeguarding it. Lack of trust in digital ecosystems creates more challenges for companies that want to liberally use processes or share data in today’s digital economy. An ethos of data security and privacy by design is required to limit exposure to adverse risks and to protect new business models. High ethical standards and strong digital trust will act as differentiators for companies seeking to outpace their competition and achieve better business outcomes.
A few organizations have taken steps to become GDPR-compliant, with appropriate investments in technologies and processes. However, we find that many organizations are still in a period of adjustment, where awareness of GDPR is building up but is not yet sufficient.
What will be the next steps to become GDPR-compliant? We will see convergence in efforts towards GDPR compliance, along with a sharp focus and investment on data governance strategies and technologies. Companies will:
- Analyze gaps in GDPR-compliance and come up with a roadmap plan that is agile and executable and which can be completed within a reasonable amount of time.
- Put a firm strategy in place to adopt technology solutions that plug gaps in data discovery, data security and processing of rights and consents. Organizations will have to navigate through their vast data ecosystems to discover personal data and put in place mechanisms to protect it.
- Strengthen transparency in demonstrating how the data is being used and document data processing capabilities.
- Sharply focus on a “new data governance strategy” with data security and a “trust-based model” as key drivers. Data strategies will evolve from being “truth-based” to “trust-based”, and importance will be given to centrally controlling the most critical and commonly used reference data rather than seeking absolute control of all the data attributes and measuring them on quality, consistency and completeness.
What are your views on measures that your organization needs to undertake in order to comply with the GDPR?