Ask any business leader, anywhere, and they will proudly declare their organisation is compliant with the GDPR privacy regime which came into force on 25 May 2018. They will tell you that they are a data driven organisation, that data is a competitive differentiator and that data security is their highest priority.
Ask data and security professionals within the organisation and they will, most likely tell you a different story. They will express concern about whether the effort that went in to achieving GDPR compliance is sustainable and they are troubled by how to demonstrate and deliver long-term business benefits from their compliance efforts.
These concerns informed an excellent panel discussion at the IRM Enterprise Data Conference in London on 20 November 2018.
The speakers, Cathy Pendleton, Senior Manager – Data Governance, at online insurance giant comparethemarket.com, Gary Chitan, Head of UK Data Intelligence Sales, at information management systems vendor, ASG, and James Archer, Privacy Champion, at broadcaster ITV, offered some real insight into how to embed GDPR into the enterprise and its day-to-day practices. provoked some lively discussion from the floor.
For Cathy Pendleton, the drive to become GDPR compliant was overwhelmingly positive at comparethemarket.com. It showed the board, very clearly, the strengths and weaknesses in their use of data.
It enthused business leaders about the prospects for data-driven business developments. It enhanced the reputation of data teams within the organisation and it made has led to a clear understanding that budgeting for data management and data compliance is not an ‘add-on’ or a one -off business expense, but an integral part of all data-related investment.
Gary Chitan from ASG said that organisation had invested hundreds of millions of pounds in GDPR compliance, but the bulk of this had gone on improving the existing manual data governance and privacy processes and investing in compliance related technology.
For all the hype about digital transformation, there has been surprisingly little focus on extracting business value from data as organisations spend on compliance, he noted.
Reiterating Cathy Pendleton’s message, Chitan said data professionals had to leaders in the drive to get real business value from data and compliance. GDPR and transparency over data will increasingly be key business differentiators, he added.
Understanding and proving data lineage is an essential part of that process. “the exploding volume and variety of fast-moving data mean that nobody’s going to be able to keep track without automation. Knowing where data comes from, how and why it’s used, where it goes – it all needs automation, said Chitan.
ITN’s James Archer said the broadcaster’s GDPR compliance exercise had revealed the enormous breadth of data the organisation kept – from normal business data to millions of contact details of people registering for access to ITV’s online services, right through to deeply personal details of potential participants in daytime TV programmes.
The tendency at ITN had been to collect as much data as was thought to be required, as quickly as possible, said Archer. However, the GDPR compliance process had allowed a new, ‘who, why, what, where, when and how’ approach to data.
Those collecting data had to ask, who was collecting and owning the data, why was it being collected, what data was being sought, where would the data be held, when should data be acquired and how should it be acquired and managed?
Explaining this concept across ITN, from business units to programme makers, had helped shift attitudes to data and helped staff understand that compliance was not just a chore or a box ticking exercise, but could be a real aid to daily operations.
With GDPR compliance not coming cheap and the regulations requiring judgement calls and transparency from the business, rather than simply setting a series of hurdles to surmount, the issues raised at the IRM UK Enterprise Data Conference are going to keep recurring.
Mike Simons is a highly experienced technology journalist, working as Associate Editor for CIO.co.uk, ComputerworldUK.com and Techworld. He is regularly called on to judge industry awards, including, recently, the SAP Quality Awards also working as a film producer. He was News Editor at ComputerWeekly.com and of a combined Computer Weekly and ComputerWeekly.com before joining IDG as Launch Editor of ComputerworldUK and subsequently taking over responsibility of Techworld as well.
Copyright Mike Simons, Associate Editor CIO.co.uk, ComputerworldUK and Techworld