*As featured on Information Age*
At Experian we believe that the General Data Protection Regulation (GDPR) presents a positive opportunity to transform the way you organise and process your data; increasing the value you derive from it and reinforcing customer-centric business practices that are essential in our data-driven age. I was delighted therefore to see my recent article on preparing for the regulation sourced in a guest article on Information Age. You can read it below or visit Information Age to read it along with a host of highly informative industry perspectives.
The impending GDPR is ready to impact every organisation that deals with Europe. The penalties are big, so preparation is key.
A core theme of the European Union’s General Data Protection Regulation (GDPR), which is to keep consumer interests front of mind at all times, mirrors sound fundamental advice for all companies.
Customer-centric business practices are especially essential in the data-driven age, driving innovation and opportunity. Yet, GDPR requires a significant change in behaviour for most firms.
For those looking to ensure that their journey ends well, or needing to implement compliance in a hurry before that May 2018 deadline, here is an actionable set of advice. It’s designed to help organisations of any size and complexity to navigate compliance, rapidly.
If they’ve not already, it is imperative that businesses start to think about their implementation requirements immediately.
It’s not good enough to feel ‘fairly confident’ that the data held is being used in the interests of the customer. It’s a requirement that new levels of scrutiny are applied here, and the customer’s perspective is the be-all and end-all guide to whether you are getting it right.
With this in mind, we’ve created this three step process for organisations to work through in order to help firms navigate – and potentially thrive – in the new regulatory environment.
When preparing for GDPR, organisations must make sure that the personal data they hold is accurate and that the collection, storage, use and erasure of that data follow a ‘Privacy by Design’ approach which takes privacy into account from inception and throughout the whole process.
Data quality is the first stage in the process. Only after a thorough investigation can businesses understand where they may be exposed and where they need to improve their data management practices.
It’s also a good idea to develop a full understanding about what constitutes ‘personal data’, given the broader GDPR definition. Consider the quality and integrity of the personal data held. Is it accurate and up to date?
It is a given that with the enhancement in standards of customer data management set by the new regulatory framework, businesses must improve their approach in line with those new requirements.
Organisations need to ensure they are always meeting the rights of the data subject, holding accurate data and improving practices such as data portability and subject access requests, guaranteeing that the consumer’s right to rectify, object and have their data deleted is straightforward to arrange.
Some practices you should consider introducing to help with the new requirements set by the GDPR should include:
Businesses need to absorb new models of best practice into their data strategy and, ideally, integrate it into the culture of the organisation.
They need to ensure ‘bad data’ is prevented from entering their systems after the GDPR deadline has passed. Key contact information should be usable and accurate so that customers can be reached easily. Identity and fraud checks will need to be built into current systems.
Furthermore, organisations will be expected to have the right processes in place to protect their customers in the event of a data breach. Coherent response plans will need to be incorporated into business plans, so that these new criteria can be met.
When assimilating new data-related policies and procedures into your organisation’s approach, some steps that should be worked through are:
The new rules put customers’ interest firmly at the heart of doing business, the aim to promote more transparency and build trust. This can only be a good thing.
That said, moving towards a data strategy that allows organisations to flourish in the new regulatory environment is likely to throw up some challenges. Preparation and timely action will be key to making the most of the opportunities ahead.
However, only when they start to think more deeply will they recognise that if they improve their data governance they will achieve a more fundamental and resilient level of compliance.
The points above should give a good indication of the task ahead – but firms should also seek expert advice from a qualified partner. Although daunting, GDPR should be seen as a chance to transform a business for all the right reasons, putting consumers’ interests firmly at the heart of our data powered future.
Please note that while we can support businesses with their preparations for the GDPR, we cannot offer legal counsel or compliance advice.