As May 2018 approaches, the date the GDPR will enter into force, the legislation has for many companies become a major business concern.
There’s a very important reason for that – under the new regime, businesses could see 4% of global revenues wiped out by the regulator if they don’t properly process and protect personal data – not to mention the incalculable damage to their reputation.
For chief data officers (CDOs), this presents a fantastic opportunity to assume a leading role in reorganising the business around its data. By leading the strategic initiatives to prepare for GDPR, they can help their organisations realise multiple benefits at the same time as achieving compliance.
The advantages are many and varied, and for many years, CDOs and CIOs have been trying to impress upon their fellow-executives the importance of good data management.
>See also: Benchmarking global readiness for the GDPR
From removing operational silos and creating more efficient internal processes to improving customer experiences and personalisation programmes, good data makes for a successful business.
But you have to invest to make the most out of your information assets, and you have to develop a roadmap that will deliver value over time. As a result, for most of the past decade many companies have perceived the technological and financial barriers as too much.
As one example of this specious thinking, why dedicate capex to a data management project if the business is already running smoothly? There is also a cultural barrier to overcome in many cases – getting control of your data often means changing the way a company works, which brings with it difficulties of its own.
Now the GDPR deadline has the potential to force the issue. With CEOs, CCOs and CFOs more focused than ever on the importance of good data management, the CDO should now take responsibility for transforming the company into a data-centric organisation – and then help it reap the rewards.
With that in mind, here are six points that Informatica considers important in helping businesses on their GDPR initiative journey.
1. Treat GDPR as a friend
Financial services companies are used to building many of their processes around regulation, but many other industries are not. Don’t be afraid of making the necessary changes – instead, treat them as a chance for competitive differentiation.
Preparing for the GDPR can help businesses to get a good, in-depth understanding of the personal data they process. In that sense, compliance can be a benefit as well as a challenge: it might cut those who aren’t prepared for it, but it can give others plenty of valuable insights to drive growth and customer engagement.
2. Create a plan for compliance…
For many organisations, the journey towards GDPR compliance will be a long one. Even if your company isn’t going to have all the loose ends tied up by the time the regulation comes into force, it’s still important to be able to demonstrate to regulators and your stakeholders that you are being intentional and serious about reaching compliance, and that you have control over your data.
>See also: The era of increased data protection rules
Which means you should consider mapping your data landscape. For many, a good place to start in a GDPR initiative is identifying how your organisation processes personal information across its ecosystem, so you can appropriately process and effectively secure it if required. T
o do that, we think you’d want a clear view of your entire data landscape. Imagine it like a macro version of Where’s Wally – if you can only search part of the picture, you might find Oswald or Wenda, but you’re probably not going to find Wally.
As a result, organisations may wish to consider automating the data discovery process. Manually sorting through the huge amounts of data many organisations hold often takes a lot longer than predicted, and as your data is evolving all the time, your insights will be stale almost as soon as you produce them.
An automated data discovery and management approach can help the process move much faster and keep pace with new and shifting data inputs. And by generating a risk score for relevant data, organisations can understand how to start prioritising remedial activities.
4. Get the right people on board
This isn’t just a problem for application developers: the whole company from the top down needs to be on board with making GDPR compliance and data-centricity a success. That means the CDO needs to ensure that senior stakeholders such as the CEO are involved and committed from the start, as they can help to unify the company around the single goal of achieving compliance.
Also, don’t forget the legal aspects too – they’re a key part of protecting the company and can help you understand the scope of what’s required.
>See also: 5 ways to improve a data strategy
5. Choose the right partner
Technology alone is not enough for this task. It’s an accelerator for a GDPR initiative, but it’s only one part of the story. You also may need switched-on business consultancy to go hand-in-hand with it.
Ultimately, companies may need to re-engineer their entire operational structure to accommodate GDPR, so they may need insightful strategic counsel to help them.
6. Get on with it
Finally, don’t forget that GDPR kicks in on May 2018. CDOs potentially face a long uphill task, so starting now is key. Like the proverbial bird, the company that starts early will catch the compliance worm and the market share that comes with it. Last year organisations could afford to theorise – now is the time for action.
CDOs are now perfectly placed to make a major difference in their organisations. By actively driving a GDPR initiative, with a holistic and automated view of data as its foundation, they can help their companies benefit hugely from their information assets, as well as avoiding potentially damaging fines. The tools are available – now it’s time to take control.
By Andrew Joss, head of industry consulting EMEA at Informatica