The clock is ticking on the transitional period for the EU General Data Protection Regulation (GDPR) that came into force last year. By May 2018 at the latest, organisations will have to be aware of all individualised personal information that they record and store. Which information is stored? In which system? The threat is a severe fine: up to 20 million Euros, or four per cent of global turnover.
The discussion around the data protection regulation has moved towards panic, and it’s no wonder. The sanctions are harsh and the challenges great. Many companies have never done extensive research that observes individualised personal information more accurately than on a basic level. In business processes, new information emerges continuously, and its location – or even existence – is not necessarily known to central administration. In just a year, it will have to be.
Although the data protection regulation has been made into a bogeyman, the key to success is to forget panic and see the long-term benefits. It is not a project but a starting point for continuous improvement actions. Therefore we should not resort to quick fixes but change our ways of working permanently. When we do that, the EU General Data Protection Regulation will bring along solid groundwork that organisations should be doing anyway.
A few viewpoints on the benefits of the data protection regulation:
- The research phase requires a close examination of what kind of personal information is produced in the business units. This work may also bring up new ideas on using the information.
- An extensive study exposes overlaps: Typically the same data is collected in different processes. What could be done more effectively in the future? The study also highlights possible vulnerabilities that may be found in IT systems.
- The data protection regulation is a good pretext to really streamline an organisation’s data architecture. Is there sufficient competence? A data protection manager, project manager, legal expert, master data expert, architecture, tool support? Which roles are needed in your organisation?
So don’t be intimidated, but instead get to work, or continue the work you’ve already started. Go through the research phase fast and then start building a permanent change. Although all this is dictated by legislature, this is an excellent opportunity to better understand your own business, customers and data.
About the author
The writer Valtteri Rantala has faced nearly everything possible and impossible in the field of designing enterprise architecture and data protection during the last twenty years. According to Valtteri, true renewal and development in business happens at its best when sleeves are rolled and challenges are tackled, instead of endlessly planning and fearing risks.