Is your company on the verge of losing its corporate data due to GDPR?

As the General Data Protection Regulation approaches, it is imperative - and in some cases required - that businesses hire a data protection officer


While it’s not absolutely necessary to hire a DPO to become GDPR compliant, you do need to assign someone the task of assuring your company meets requirements

The colorful data visualisations started to go pale and eventually stopped moving, fading away until only grey was shown on the screen. The liveliness of the data-loaded spreadsheets went quiet. And eventually, the entire analytics department just withered away.

This sounds like a company regressing into the past, an IT dystopia. Unfortunately, this scenario is actually happening at some organisations, as the first examples of companies choosing to shut down parts of their BI and analytics solutions due to GDPR have started to surface.

Yes, you read that correctly. Some companies are choosing to shut down part of their BI and analytics solutions – despite need and investment – to protect themselves against great risk of financial penalty for not being GDPR compliant. And, you may very well be at risk as well.

The good news is you don’t have to be. You can prevent your company from losing its corporate data, BI, and analytics program.


Let’s think about this for a moment. Your company, and the ones that have already begun to shut down their corporate data programs, built their BI and analytics solutions for a sound business reason: to put their data to good use. They wanted to become data-driven so they could make better business decisions.

These large investments were big commitments in time, money, and resources, allowing companies to build Data Warehouses, BI front-end tools and all the nuts and bolts that went into the solutions. In some cases, this also included hundreds if not thousands of hours spent on contracting consulting companies to build and, if needed, maintain the solutions, at least for those organisations lacking in-house tech and data support.

Then GDPR came along, raising a lot of questions, for instance:

• What data does your company hold?
• Where does your company store this data?
• What is the data used for?
• Who has access to the data?

Looking ahead, companies that are unable to answer the questions posed by GDPR and that are not compliant as required could face a fine of up to 20.000.000 EUR or 4% of annual worldwide turnover, whichever is greater.


For some, “GDPR compliant” is a mouthful to tackle. With no idea how to approach the task at hand, the simple solution they have chosen has been to bring the “less business critical” systems to a halt.
The results can affect systems and a company in the following manner:

• Self-service BI front-ends are made inaccessible, with no alternative offered to users for how to get their data, make their graphs or basically run their business.
• Analytical projects are put on hold until further notice, as the explorative/ad-hoc approach and algorithms in the making are perceived as causing “major headaches” to document.
• Reporting services are subject to strict limitations on recipients.
• New administrative business processes are introduced, including emails that remind all colleagues not to forward emails with attachments of data, reports and spreadsheets.

These are just a few examples, and more implications are likely to occur. So ask yourself, are YOU willing to shut down your BI? Stop your reporting? End your Analytics?

Stay optimistic – there’s another way.

To begin, ask yourself this question: Which steps have you taken to make your BI and Analytics environment GDPR compliant? If you’ve taken no action to date, or you think you are lagging behind, consider the following as a first step to tackle this problem.


As a starting point, one of the central questions about this entire topic is whether companies should hire a Data Protection Officer (DPO) to help with GDPR. The short answer is this: yes, large or small, your company might consider hiring one.

The DPO can be the central manager to oversee all of your data management processes across your entire company. This go-to person can help evaluate and determine which data stays and which data goes, and for the data that will continue to live on, where and how it should be organized and stored.

In addition, the DPO can answer directly, on your behalf, to the EU, an indication to the governing body that you are in fact a serious organisation, intent on becoming GDPR compliant.

So, find that person who can be the corporate connector, the one who can link together all your different departments, various IT systems, and business processes related to storing data. The DPO will likely take it a step further and work with you to establish contact points and processes for customers and external stakeholders who also want access to the part of their data which you are storing under GDPR guidelines.


While you might not be the first company to appoint a DPO, rest assured, you won’t be the last one to do so. And while it’s not absolutely necessary to hire a DPO to become GDPR compliant, you do need to assign someone the task of assuring your company meets requirements. A DPO is simply one plausible solution that could help you achieve this objective.

After your DPO is on board, you can then start the debate about governance, security, automation, anonymisation, and all the other action items that need to be dealt with to become GDPR compliant.
In the end, taking action will allow you to keep your data moving and your visualisations vivid, and also to keep your entire business data-driven.

 

Sourced by Majken Sander, Business Analyst & Solution Architect at TimeXtender
