For the majority of UK businesses, a huge amount of time and resource was invested to become GDPR compliant in time for the May 2018 deadline. The cost of implementing GDPR was substantial, with a report by The Ministry of Justice estimating that the cost to UK business could be as high as £320 million a year, and £2.1 billion over fourteen years.
As the statistic suggests, the work to remain GDPR compliant is far from over and as we approach 2019, it is becoming increasingly clear to organisations that GDPR wasn’t a one-time investment project. Instead, GDPR is now a way of life for organisations and continued investment is needed to maintain compliance. The risks of failing to acknowledge this are substantial, with the potential to incur hefty fines if found to be in breach of compliance.
As 2019 nears, it is vital that businesses continue to assess their organization’s GDPR strategy. Here are our top five tips to not only remain compliant in 2019, and long into the future, but also reap the rewards of doing so:
1. Invest in the right technology
Organisations must invest in automation technology to allow them to manage costs, improve quality and consistence and to react quickly to opportunities, threats and challenges. The exploding volume and variety of fast-moving data means that nobody is going to be able to keep track without automation. To know exactly where data comes from, how and why it’s used and where it goes, businesses must deploy technology that employs artificial intelligence (AI). Try as they might, businesses just won’t be able to achieve the same results through spreadsheets and word documents.
Automation will also save organisations both time and resource by enabling them to identify which manual tasks can be replaced by an automated approach. This will also reduce the risk of human error from tasks which can be automated.
2. Improve manual data governance and privacy
Data governance is still a new way of life for businesses and requires them to undertake a number of manual processes. Organisations have to do several things – understand the regulation, make organisational changes, such as appointing a Data Protection Officer, modify business practices and – above all – know what personal data is stored, who is using it, how and for what purposes.
As manual tasks often have a greater risk of human error, it is vital organisations put the right processes in place to ensure they are performing these manual tasks effectively. Manual processes will only be sustainable if organisations accept them as a corporate “must do” and create a “privacy” mindset.
3. Understand data lineage
Real data lineage is an understanding of the reality of that data, its transformational nature, its associations and its lifecycle across the data estate and over time. Some people talk about data lineage as though it were no more than knowing how data moves from “A” to “B”.
Real data lineage has business, application and technical perspectives. It understands data transformation, not just movement. It associates data to business meaning and processes. It’s the critical knowledge base that data governance and mobile device management depend on. To get the most from GDPR compliance, businesses must get a better grasp of data lineage and what it means to their business.
4. Data: quality over quantity
To become GDPR compliant initially, organisations had to identify and cull a great deal of data. This is should become an ongoing task even after compliance is achieved as the quality of data and the ability to protect it is far more important than quantity. Organisations must, therefore, identify what data is working for them and what data is working against them reduce the amount of data it holds. The remaining data is then likely to be more valuable and of more use to the business and the risk from unused data is eliminated.
5. Gaining business value
While GDPR is a necessity, the process of compliance can improve data governance and management and allow businesses to gain value from their strategy to maintain compliance. Organisations should look at the bigger picture and focus on the trust that can come from well governed data so that it can then create more confidence in its use while also mitigating risk. This includes the potential to reduce direct costs, create efficient audit processes, manage and track the information supply chain and use insights from data to drive business decisions.
In 2019, businesses should remind themselves of the added value GDPR compliance brings with it and look at how they can use this to their advantage.
For continued compliance, businesses must ensure that their processes are robust enough to be followed in the long term. In 2019, automation will play a pivotal role in this respect. While it may be costly to implement this technology, businesses must look at the bigger picture and the return on investment it will bring in terms of saving time, resource and being less prone to error.
Compliance is a legal requirement, however, that is not to say that businesses don’t stand to gain from putting the technology and procedures in place to achieve this. Seeing GDPR as an opportunity rather than a burden in 2019 could open up a range of new possibilities.