The EU General Data Protection Regulations (GDPR) is, as its name suggests, a way of protecting consumers. However businesses could be failing to protect themselves from huge fines, reputational damage and prison by failing to understand what the impact GDPR will have on their current data management, policies, processes and systems. Information ignorance is no excuse. The fact is, whatever a business does, if it handles personal data it is legally bound to comply with data protection regulations to ensure it keeps personal data safe and secure.
The 2017 deadline is fast approaching and the regulators are still in discussions about potential fines of up to two percent of global gross revenue for data breaches. The FCA, which regulates the financial industry, has more stringent requirements and is unlimited in the fines it can issue. Already the FCA has listed more than £800 million worth of fines to businesses breaching financial principles this year. However, the cost to companies is not just the hefty fines, but the potential compensation payable to those affected and the reputational brand damage when they become public.
The need for business intelligence
A single unified data model is the key from which organisations can unlock value to better serve and retain customers. The ability to analyse data and turn insight into action has delivered countless benefits to companies. At the same time, the regulations which deem how the data can be used have been tightened up to better protect consumers, providing a management headache for business leaders.
The challenge ahead
The updated reforms will include key changes to the way in which personal data can now be used and stored. Organisations will not only be expected to have these updated processes in place, but for these to be documented and available on demand, with staff being fully aware of the changes and implications. As it stands, almost half of organisations across Europe are yet to realise the full extent of the changes on their organisational policies and processes.
Consequences of non-compliance
To put this non-compliance into perspective, a recent study found the cost to an organisation responsible for a data breach has increased each year since 2007. Today each compromised record costs an average of £104. When considering the bigger picture, this equates to a significant average cost of £2.37 million per year .
To help overcome the challenges of overhauling data management systems ahead of the deadline, there are three key areas, which organisations need to address:
1. Consider data policy from the beginning—Nothing can beat having a robust data policy and data governance process in place from the outset. This cost-effective method of considering compliance from the very start, helps reduce time spent on inaccurately managing data.
2. Digitise and anonymise—With the digitisation of systems, having a unified data model with a single view of the customer has become the biggest issue facing organisations today. A key focus area of the regulation is the use of data within test environments ensuring that all data contained therein is anonymised. A mammoth task given the levels of system integration and end-to-end processing required to ensure system accuracy and stability. Choosing the right tools to manage and anonymise or synthesis data for your business is paramount to efficient execution of the task.
3. Invest upfront for true business benefit—Without the correct IT, policies, processes and governance in place to ensure data quality and compliance, organisations could be exposed to hefty fines whilst missing out on key business benefits.
Making upfront investment and building a strong framework for data from the very beginning is key. Bringing experts on board to make sure data is correctly mapped, stored and used will ensure the business adheres to both existing and emerging regulations, preventing unnecessary fines and ultimately boosting data performance for the benefit of the entire business.
Contributed by Cindy Truyens, managing director at SQS