So you’ve made it past May 25: but GDPR is here to stay and ongoing compliance needs constant vigilance
Anyone who’s been sweating to get systems fit and ready for GDPR, the new data protection regulations which come into force on May 25, could be forgiven for taking ten minutes to enjoy a cold beer in the sunshine to celebrate.
But the reality is that the 25 May must be seen as the start of a process not the end.
To make sure you stay compliant systems will need to stay responsive.
Keeping data sets clean and tidy, ensuring easy and transparent unsubscribe processes and dealing with other data requests did not just end on May 26.
Making sure new staff are trained in the rules and their responsibilities is another ongoing task. As is dealing with staff as they move around the organisation and their data rights and responsibilities change with their role.
Additionally there is a worrying lack of certainty as to exactly how the rules will be enforced in practise for certain organisations. For instance just how the rules will hit universities and colleges and other organisations carrying out academic research is not entirely clear.
Details will vary for individual types of business and organisations and will evolve over time. There is also a longer-term issue around whether the government will follow up on its promise to introduce its own legislation.
As with any regulations the devil is in the detail and smart organisations will keep an eye on their peers, as well as advice from the Information Commissioner’s Officer.
The good news is that the processes already undertaken should help you continually improve data protection and privacy which will benefit the business as well as ensuring compliance with the new rules.
Part of complying with GDPR is being able to provide documentation to prove that you are indeed complying. But that very same documentation can form the basis for future improvements.
This information can allow stakeholders or the relevant data protection officer to plot and study data flows within the organisation.
There’s an opportunity here to improve data flow as well as making sure you’re following the relevant regulations.
There are tools available to turn all this information into easily understandable and actionable insights.
Using dashboard tools will keep the organisation safe but also give a far clearer view of your organisation’s data assets and how they might be better used to power improved decision making and resource planning.
This could help provide cost savings to the business but also give the raw materials for more intelligent and data centred decision making.
GDPR might have unexpected beneficial impacts on how business processes are organised by forcing you to take a more analytic view of how information is used and passed around the company.
It is likely that some of these processes can become automated over time which will both save time and improve accuracy while also reducing errors.
All of this should help build systems based on solid, checked data rather than ramshackle data sets which have built up without proper checks in place.
In turn this should leave the organisation’s systems better able to provide the foundations for future developments and more intelligent systems.
Just as GDPR requires you to delete data which is no longer timely or relevant so a proper approach to the new rules will likely change over time.
But that means making the most of the business advantage of the hard work you have already put in to make sure the company is compliant.
Those tools can now be used to turn your organisation into one which is truly powered by its data and can be certain it is ready for dealing with how that information changes over time.