When we give our personal data over to any organisation we want to know it’s in safe hands. As I wrote in a previous blog under the GDPR organisations need to be better data custodians in how they handle our personal data; how they collect it, what they do with it and how long they will keep it for.
So how can organisations become better guardians of the personal data they hold, in what seems like a galaxy of data privacy rules and regulations?
Build a Data culture
Do you truly understand the personal data that sits within your organisation? It is paramount that all staff, from board level to juniors, understand the implications it has on them. This is where a strong culture of data education and data literacy needs to be driven along with a mentality that GDPR compliance is just the start of the journey and not a finish point for all businesses.
Understand the importance of data governance
With roughly 25% of data breaches coming from inside an organisation, it is more important than ever before that businesses ensure only authorised personnel have access to the mission critical data needed for their role. This isn’t something that is achieved over night, it requires education, a strong and flexible data governance policy and it helps if you have an agile data analytics platform that can report and even enforce it.
Ensure consent is effectively managed
I am sure your inbox, like mine, has been flooded with emails from organisations asking your permission to continue receiving their emails. I really hope those organisations have clear visibility across all their marketing systems as any misalignment could be deemed as non-compliance. Sending out an unsolicited email to someone who has opted out, or worse not even ‘opted-in’ in the first place, could be a trigger for a complaint to a Supervisory Authority like the ICO to investigate. Keeping a strong audit trail of when and how consent was captured as well as tracking Opt-in/Opt-out will help keep organisations on course and avoid any complaints.
Audit data retention policies
Do not keep any personal data longer than is necessary. Business leaders must ensure their organisation’s data retention polices are up-to-date and well understood. Be organised and continually enforce good auditing practices of files and records across all systems so you know what needs to be deleted and when.
Responding to data privacy requests
GDPR gives individuals greater rights over their personal data and are encouraged to exercise their rights. With 40% of consumers expected to make requests on exactly this, business leaders must have an action plan in place to ensure they are ready to respond and share all details within the time frame outlined. Locating such potentially vast amounts of data could take a lot of time and resources. Why not consider self-service portals that empower individuals to gain access to their own personal data and build trust.
The good news is that you can leverage Qlik to help with these challenges, check out our nice GDPR demo app which highlights how Qlik could be used. Access to this and more information on Qlik and GDPR is on our web site www.qlik.com/GDPR. And if that’s not enough, you can listen to a podcast where I wax lyrically on GDPR with the one and only John Sands.