The introduction of the General Data Protection Regulation (GDPR) next May is set to formalise the protection of customer information. With high-profile data breaches at some of the world’s largest tech brands including Amazon, Facebook, Gmail and Twitter dominating headlines, businesses are faced with a two-pronged challenge: staying compliant and secure, while still being able to harness the power of their data.
GDPR represents a fundamental and permanent shift in the way that organisations should think about data and their approach to cyber security. It will affect every organisation, whether public or private, charity or governmental. The regulation will introduce harsher penalties for non-compliance and breaches and will provide consumers with more power over what companies can and cannot do with their data.
To stay compliant under GDPR, businesses will need to ensure that all data is processed lawfully, transparently and for a specific purpose. Crucially, once this purpose has been concluded, the data cannot be held and needs to be deleted.
How, therefore, can organisations ensure they are compliant with GDPR and able to combat the technological and skills challenges they could face?
Tech skills – a consideration for all, not just the IT team
Its emphasis on protecting customer and employee data means that GDPR gives organisations a renewed focus on the big data and cyber security skills they need. With big potential fines for non-compliance, the crucial questions that businesses need to ask are – “What data do I have?” and “Why do I need this data?”
It’s easy to think of a data issue as something that only concerns the IT department, or a financial regulation as something that only impacts the finance team. But GDPR will touch every part of the business.
Cyber attacks have shown us that the weakest link in a company’s security chain is its people – if cyber criminals can get through to employees, they are almost certain to be successful in hacking into the organisation.
As a result, security and data now represent a challenge for the entire organisation. When GDPR comes into force next year, the key word will be accountability. Businesses must make sure that every department and employee is aware of how to remain compliant with the regulation.
And GDPR won’t just impact the business from a security perspective. The implications are far more wide-reaching. Take marketing for example – as much as 75% of marketing data could become obsolete as a result of GDPR because only 25% of existing customer data meets the regulation’s requirements. So much customer data is currently collected via individuals’ “failure to opt out” which will no longer be seen as sufficient consent after the May deadline.
Moving forward, marketing teams will have to work very closely with both their IT and legal departments on all day-to-day activity to ensure they keep within the regulatory lines and that there is a clear and consistent permissions trail for all processes.
Assessing the organisation’s existing skills base
Employers must take a long-term view to ensure they are compliant with GDPR. They need the right skills and knowledge to be ingrained in every department across the workforce without adding endless expensive headcount indefinitely. Here are three steps that businesses can take:
1. The comprehensive audit
The first thing every business needs to do is a comprehensive audit of its current capabilities against the legal requirements it will soon face. This applies to both the technology systems themselves and the available skills within the workforce. This needs to be an urgent priority as businesses may need time to respond to the findings. External experts are often a good option to conduct such an audit, as a third party looking into the business with a fresh pair of eyes may uncover issues that others might not.
2. Use contractors to upskill the existing workforce
Short-term contractors are also a valuable resource to call upon between now and May 2018 to bring the organisation up to speed. They can use their varied experience to get the business into shape quickly without adding any permanent headcount to the balance sheet.
3. Instil key skills throughout the team
In the long-term, organisations must work towards ensuring that all employees across every department are aware of their accountability to GDPR and have the necessary skills to play their role in compliance.
GDPR shouldn’t be perceived as another regulatory hoop to jump through – it can be a competitive advantage. The insight that can be derived from a company’s data is vital to the way that it operates today and those that get GDPR right will increase the trust that customers have in them, in turn encouraging them to share more of their valuable information. But business leaders must start today by identifying the gaps within their organisation and engaging the wider workforce to ensure a long-term solution.
Sourced by Martin Ewings, director of Specialist Markets, Experis