Time For GDPR: Here's How It Could Help The Bottom Line
By Manish Sood published in Forbes Technology Council at https://www.forbes.com/sites/forbestechcouncil/2018/05/14/time-for-gdpr-heres-how-it-could-help-the-bottom-line/2/#5417746d16c5.
Forbes Technology Council: Elite CIOs, CTOs & execs offer firsthand insights on tech & business.
GDPR is almost here. After years of discussion, negotiation and preparation, the General Data Protection Regulation goes into effect on May 25, 2018. So ... are you ready?
Compliance chiefs should already know all there is to know about GDPR, but that’s not the only issue. This is such a broad mandate that it requires the participation of multiple constituents within each organization doing business in or with the European Union. So for the uninitiated (and that’s hopefully a small number), here’s a quick topline view.
GDPR seeks to ensure that citizens and residents of the EU can take control of their personal data. It replaces the Data Protection Directive, which goes back all the way to 1995, a couple of decades and many digital generations ago. It challenges business practices that involve the export of personal data outside the EU, and because it doesn’t require enabling legislation from national governments, it is broadly binding and applicable.
By now, most organizations have likely identified the process changes they need to ensure compliance (if not, you better hurry). The goal now is a quick look back -- have all the necessary boxes been checked, or are some remedial measures necessary? And that gets us to the most important question: What comes next?
First, GDPR is a welcome reminder compliance only comes with a high level of awareness and a comprehensive data management strategy. Many companies have their data scattered across multiple networks and lines of business -- the only way to keep up is to collate all data from internal, external and third-party sources.
If that sounds overwhelming, here’s just a sampling of what is required:
• Identifying all systems managing customer data
• Blending different types of data
• Understanding data ownership
• Identifying data shared outside the organization
• Maintaining data lineage across all customer attributes
• Managing different types of consent, and their sources
• Providing customers a way to make data-related requests
• Deploying processes for required data access, change and deletion
• Putting a mechanism in place for timely reporting in case of a data breach
To be clear, that’s only a quick sample of requirements -- the real design depends on your business. Going just one level deeper, it means correlating omnichannel transactions to customer master records and understanding, for example, how each customer is related to other members of a particular household and whether those disparate household members have consented to their data being used and for what purpose. It also requires maintaining the data lineage to data sources and tracking to downstream applications so we know from where a customer profile attribute came and which applications are using it. That might get you to the right to be forgotten stipulation: Under GDPR, individuals are entitled to data erasure, which means that at their request, all traces of their information must be purged, including legacy transaction data that might reside in activity logs. In sum, this mandates a comprehensive customer profile with a 360-degree view that can accommodate data-change requests and the ability to generate compliance reports fast.
In this context, a comprehensive data management strategy is built on four pillars:
• Consolidated profiles: Organizations need the ability to collate all data from internal, external, third-party and social sources. At the same time, they must have the power to trace and maintain data lineage across all attributes. This sweeping level of visibility is invaluable in the event of a data breach.
• Managing relationships: Graph technologies play a unique role here -- they offer a deeper and more accessible understanding of relationships between stores, locations, channels and types of consent. It also helps to trace the adult consent for capturing the data of a minor.
• Data change requests: This is a critical requirement for GDPR compliance, and companies need to step up. Built-in workflows in the systems used should accommodate all customer data change requests, deletion requests, review requests and more.
• Data as a service with traceability: Drawing from third-party sources is a major benefit, but GDPR compliance requires tracking which attributes came from where.
There’s no question that GDPR is a big deal, and even for enterprises that have been working on the issue for a while, ensuring compliance will be a challenge. It’s also possible that similar directives will emerge in other markets. The current debates over data privacy at Facebook and elsewhere will likely give rise to more regulations, not less.
But as we head into these uncharted waters, there are some very bright spots on the horizon.
First, just as technology has created the problem, it can also help create the solution. The master data management systems still in place at many enterprises are giving way to self-learning data systems that offer major advantages. They greatly enhance the ability to manage master data, correlated to omnichannel transactions at big-data scale, and incorporate graph technologies, machine learning and predictive analytics. All of these make it significantly easier to maintain compliance.
And finally, while GDPR is undeniably a challenge, what if it also brings an opportunity? Companies that have done and keep doing what they need to do will have greater control of, and greater access to, their data than ever before. That will certainly enable ventures into new markets, more effective marketing campaigns (think of the metrics that will improve) and a better customer experience. This is an opportunity to clean up your data, put in place the right data strategy, improve business processes and enhance customer experience.
Yes, compliance with a new mandate is never fun. But if done right, this is one process that can offer a big boost to the bottom line -- and what’s more fun than that?
About the Author
Manish is CEO of Reltio. During his career, he's architected the most successful data management solutions used by Fortune 100 companies.