The General Data Protection Regulation (GDPR) will curb the digital wild west and improve protection of personal data, but the cost of implementation will be high, and now is the time to get started to meet the compliance deadline of May 25, 2018.
Taking part in an A-Team Group webinar on the regulation, subject matter experts outlined the challenges of GDPR as well as approaches to best practice implementation. The webinar was moderated by A-Team editor Sarah Underwood, and joined by Sue Geuens, president at DAMA and an independent consultant in financial services; Chiara Rustici, an independent GDPR analyst; Abigail Dubiniecki, a GDPR specialist at My Inhouse Lawyer; and Tudor Borlea, sales engineer and GDPR specialist at Collibra. Rustici will moderate a panel on the regulation, "GDPR: A game changer – are you ready?", at A-Team’s RegTech Summit for Capital Markets in London on October 5, 2017.
An early poll of the webinar audience showed most firms in the early days of working towards compliance, with 34% of respondents saying they were in the planning phase, 28% close to implementing a solution and 16% yet to start preparation. Some 15% said they are implementing a solution and just 5% are completely prepared with a solution in place.
The message from the webinar speakers was clear. With less than 200 working days before the compliance deadline, senior management needs to accept that there is no avoiding GDPR and act now.
Dubiniecki said that at a basic level firms need to respond to the regulation’s requirements by considering whether they hold data legally, have informed data subjects of how they will use their data and informed them of their rights, and can ensure access rights to personal data. She added: “GDPR ends the digital wild west, but the challenges of understanding what data is held and how it is used are considerable. The need is to prioritise data and identify higher risk areas and plan for them first.”
Borlea expanded on this, explaining a compliance process that starts with establishing a dedicated, multi-departmental team with management buy-in and goes on to identify the information structure within a firm and how it needs to be adapted to support GDPR. Data can then be collected and assessed, with priority given to high risk data. A gap analysis and a mitigation plan are also needed. With these elements in place, GDPR becomes part of core operations processes and can be monitored and reported on.
Geuens noted the imperative to implement data governance in line with GDPR – a second poll showed firms working towards this – and advised firms not to panic, but to start now. Advice from other speakers included starting with an understanding of your data landscape, stopping the hoarding of data and collaborating across the enterprise.
Listen to the webinar to find out more about:
- GDPR requirements
- Data management challenges
- Best practice approaches
- Technology solutions