GDPR and Data Governance

GDPR and Data Governance

GDPR and Data Governance
With a number of my clients, I am finding that I am getting increasingly
involved in their GDPR Projects as having a good Data Governance Framework
helps you meet some of the requirements of GDPR.

GDPR impacts everyone who holds personal data so I thought I would ask
Tejasvi Addagada to provide a useful overview of the subject:

 

It is imperative that the privacy needs of EU residents must be harnessed
through GDPR by 25 May 2018. Moreover, GDPR necessitates coverage of
private information that is processed by any organisation, across the
globe. This means every organisation with global presence must embrace
these privacy requirements. Regulatory landscape is fast evolving while
also requiring firms with global operations to adopt the highest regulatory
requirements from a region that can be leveraged as preparedness in other
regions.

Privacy is not only a requirement from GDPR, but is also a major driver
from an organisation’s perspective of risk. Most of the personal
information collected for years now is vulnerable to threats and events of
malicious theft, accidental disclosure, failure in appropriate design and
usage. Today, protecting an organization’s reputation is the most
significant risk management challenge. Negative publicity to a firm, will
cause a decline in the customer base, reduce revenue and lead to costly
litigation.

Read Also:
8 Immersive Virtual Reality Data Visualizations

Privacy is not a new dimension that firms are planning to embrace suddenly.
Most mature organisations have Information Privacy and Data Privacy clearly
delineated and accounted for by stand-alone division in a firm. In my
experience, I have seen Information privacy aligned with the Technology
Risk function while Data privacy, as predictable, lies with Data Management
and Governance. There are a couple of good articles that brief on the way
forward for “Privacy as a dimension” within Data Management.

I was on a holiday this week, to Wayanad, a hill station in Kerala that
boasts plush landscapes, streams and the native culture of the locals.  I
booked the hotel on a travel app, which for sure has collected my personal
information. This data has been shared with restaurants owned by the same
group that gave me offers and requested feedback for every dining
experience. Sadly, the hotel doesn’t have a travel desk, but using his
contacts, the desk manager fixed our local travel arrangements. Further,
the Government forest division that manages the tourist destinations
collected my private data for accounting and safety, at 5 destinations. In
a span of 3 days I know there is redundancy and various levels of data that
is collected by various organisations. When I asked the hotel on the
management of the private information they were not sure on any procedures
that exist today. Further, most of the data exists still exists in paper.

Read Also:
Organizations Struggle with Data Overloads, Technology Maturity

Most financial organisations embracing data management and governance
have, for some time now, integrated Data Privacy and Security as an
integral dimension. Working with these firms, I can say that they are
prepared for GDPR. There is a Governance function that directs, monitors
and evaluates while also enforcing accountabilities through ownership and
data stewardship and ownership. On the other hand, a percentage of other
organisations have some level of privacy management capabilities customised
in the form of projects, for specific needs.

GDPR stress on the responsibilities, accountabilities, and evidencing the
controls for privacy.

Here are ten simple steps to get started –

1)    A current capability analysis must be performed to understand the
people, process and technology capabilities in place to collect, process,
manage privacy and security controls for Personally identifiable
information of customers and employees. This will be much easier if data
privacy management is already an integral dimension, embraced by a Chief
Data Office.

Read Also:
Solving Business Problems with Data Science

Read Full Story…

 

Leave a Reply

Your email address will not be published. Required fields are marked *