What does the General Data Protection Regulation (GDPR) have to do with data quality? Plenty! Simply put, high quality data means that you have the right information available at the right time and place for the right people to run your organization. This means the organization adequately manages the data, processes, people/organizations, and technology throughout the life cycle of the information. POSMAD is the acronym indicating the six fundamental phases of the information life cycle: Plan, Obtain, Store and Share, Maintain, Apply, and Dispose. Only an organization that manages its data throughout the life cycle of that data will be able to comply with the GDPR.
Danette McGilvray, President and Principal of Granite Falls Consulting, Inc., danette@gfalls.com
Danette presents the following course for IRM UK, Ten Steps to Data Quality, which takes places in London, 2-3 November 2017
“The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years” —http://www.eugdpr.org/
The GDPR regulates the protection of individuals (data subjects) with regard to the processing of personal data and on the free movement of that data. A few examples of GDPR requirements and how data quality can help with compliance:
- Breach Notification. If a data breach occurs, notification is mandatory within 72 hours of first having become aware of the breach. That notification can only happen if you know where your customer data is located and that their contact information is up to date.
- Right to Access. Data subjects have the right to know if personal data concerning them is being processed, where and for what purpose. In addition, a copy of the personal data must be provided, free of charge, in an electronic format. Providing this information can only happen if you understand what is happening to the personal data throughout its life cycle. This processing includes not only processing within your company but processing by third parties such as cloud providers.
- Right to be Forgotten. A data subject has the right to have his/her personal data: erased, further dissemination of the data ceased, and processing of the data by third parties potentially halted. Once again, the ability to take all the actions necessary can only happen if you are already managing the personal data throughout its life cycle.
Only an organization that has high quality data will have the ability to comply with the GDPR.
If your organization is not in a country that is part of the European Union (EU), you may think the GDPR does not apply. Consider this: “The GDPR applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.” — http://www.eugdpr.org/key-changes.html. This means that if your organization offers goods or services to EU citizens or controls or processes data about a subject in the EU, you must comply with the GDPR – even if your organization is not in the EU. The clock is ticking and the countdown is on. The enforcement date is 25 May 2018 after which those in non-compliance are subject to substantial penalties – up to 4% of annual global turnover or €20 Million (whichever is greater), depending on the severity of the infraction. Do you know your data? Do you know where it is and who is touching it? Are you managing it? Do your people have the skills and knowledge to create and manage high quality data essential to complying with the GDPR? This article Copyright 2017 by Danette McGilvray, Granite Falls Consulting, Inc. (www.gfalls.com) All rights reserved worldwide.
Source of information on GDPR: http://www.eugdpr.org
Danette McGilvray is president and principal of Granite Falls Consulting, a firm that helps organizations increase their success by addressing the information quality and data governance aspects of their business efforts. Focusing on bottom-line results, Granite Falls’ strength is in helping clients connect their business strategy to practical steps for implementation. Granite Falls also emphasizes the inclusion of communication, change management, and other human aspects in data quality and governance work. Danette is the author of Executing Data Quality Projects: Ten Steps to Quality Data and Trusted Information™ (Morgan Kaufmann, 2008). An internationally respected expert, Danette’s Ten Steps™ approach to information quality has been embraced as a proven method for both understanding and creating information and data quality in the enterprise. A Chinese-language edition is also available and her book is used as a textbook in university graduate programs. Note: Portions of this article contain material from the book Executing Data Quality Projects: Ten Steps to Quality Data and Trusted Information™ by Danette McGilvray, published by Morgan Kaufmann Publishers, copyright 2008 Elsevier, Inc. See http://store.elsevier.com/product.jsp?isbn=9780123743695
Copyright Danette McGilvray, President & Principle of Granite Falls Consulting.