What do you need to know about GDPR compliance?

Posted on 25 May 2017 by Jonny Williamson

In just under 12 months, the General Data Protection Regulation (GDPR) will come into effect in the European Union, representing a considerable change in how countries handle data.


May 25, 2018 may seem a long time away; however, around half of the businesses affected will be unprepared when GDPR comes into force, according to Gartner research.

As is true for all legislation, the accompanying literature and advisements are unsurprisingly dense, but for the most part, they centre around one key principle: data governance.

A challenge for manufacturers, particularly those who gather and have been gathering large amounts of data, is that GDPR applies to not only data collected moving forward, but retroactively as well. Taking the necessary steps now to adopt robust data governance practices in your business represents a significant step towards compliance.

Global data science company Dataiku has drawn up a list of the critical challenges GDPR presents, which management teams need to be aware of and act upon.

Data storage

When it comes to the GDPR, organisations will ultimately need to take stock of where all their data is stored and ensure that it is accessible, but only to those with a business need to access it.

Data team leaders (and data protection officers if they are required for your organisation under the GDPR) should be able to easily understand and audit data sources, who has access to what, and what sources are being used for which projects.

Aligning teams

GDPR will force any organisation not currently fostering collaboration between teams to do so, and quickly. However, it’s not just a matter of increasing communication over email or company chat.

There will need to be a certain amount of transparency surrounding data protection that allows a customer service team to field requests without having to ask the data team for an answer every time, or the marketing team to understand what the GDPR restrictions are and not inadvertently violate them when completing a customer targeting project.

Additionally, data teams working on new projects can communicate back to the legal team responsible for maintenance of the customer consent agreement and can update it accordingly.

Accommodating data subject requests

One of the biggest changes with the GDPR is the rights of data subjects. Under the new legislation, data subjects have the right to:

  • Be forgotten (have their data erased)
  • Access (obtain information about exactly what data is being processed, where and for what purpose)
  • Data portability (receive a copy of the personal data concerning them)
  • Question and fight decisions that affect them that have been made on a purely algorithmic basis

While it’s impossible to predict how many data subject requests you may receive, it’s critical to be prepared and have an efficient process in place. It’s also not a good idea to wait and develop a process when the first request comes in.

Data governance

For this challenge, the answer is the same, and if you’ve addressed the previous challenges, you’ve already gotten started: by centralising all data work into one place, data governance and potential audits are easy.

Security can be tightly controlled via the data science platform, eliminating the risk of rogue personal data floating around on employees’ laptops or local spreadsheets.

Adaptability

Change is inevitable, and the reality of data protection and privacy regulations is that they will continue to evolve with emerging new technologies. For all businesses working on GDPR compliance, it’s important to adopt a flexible solution that will change along with future technologies and regulations.

This means choosing a solution that offers access to advanced data science tools and the best of the open source world, enabling your business to continue to grow and evolve rather than stagnate under regulatory requirements.

It also means finding a solution to data governance and the other challenges presented by GDPR that evolves with those requirements instead of backing your business into a technological corner. This is especially true for companies dealing with GDPR that aren’t based in the EU, and even more so for those facing Brexit uncertainties.