General Data Protection Regulation (GDPR) is broad, rigorous and challenging – and its compliance deadline is just 12 months away. So, how are organisations responding to the regulation, what progress are they making on implementation and what steps can they take to ensure compliance within the 12-month timeframe.
These questions and more were answered in a recent A-Team Group webinar asking ‘Are you ready for GDPR?’. The webinar was hosted by A-Team editor Sarah Underwood and joined by Michael Dimopoulos, a GDPR practitioner assigned to a Tier 1 European bank; Christy Haragan, principal sales engineer at MarkLogic; Tudor Borlea, pre-sales engineer at Collibra; and Michael Angle, chief technology officer at Opus.
Setting the scene for discussion, an early audience poll questioning organisations’ progress on GDPR showed 42% of respondents at the planning stage, 27% just starting implementation, 18% not yet making progress, and 13% making significant progress. Considering the 25 May 2018 compliance deadline of the regulation, the speakers agreed that if organisations within the scope of GDPR have not yet started work on compliance, they should not delay and get going straight away. The challenges of compliance are considerable, and it will take a lot of time and effort to identify personal date, gain and document the consent of data owners – essentially EU citizens – to use the data, and embed policies and practices to deal with data owners’ rights, such as data access and corrections, data portability, and the right to be forgotten. Firms based outside the EU, but with EU customers, must also comply with GDPR.
A second audience poll reflected these challenges, showing respondents expecting to, or experiencing, GDPR data management challenges including establishing customer consent management, identifying private and protected data, and building data privacy by design as required by the regulation. The speakers added compliance challenges presented by data silos, problems around accessing and managing unstructured data, and the ability to scale systems to deal with data subjects requests in a timely manner.
Solutions to these problems include a step-by-step approach to GDPR implementation that starts with a data inventory and goes on to document consent from data owners, map data to systems where it is used, encrypt data where necessary, and ensure compliant data can be given to data subjects on request. A shift in culture around how employees collect customer data is also recommended.
While no single technology solution is expected to provide an answer to all the data management challenges of GDPR, the speakers suggested organisations should start conversations with technology providers now with a view to implementing solutions in the second half of the year.
Final advice included getting board level sponsorship for GDPR programmes, making all required efforts to avoid potentially huge fines for non-compliance, and collaborating across the enterprise to achieve success. And start now!
Listen to the webinar to find out about:
- GDPR obligations
- Scope of the regulation
- Data management challenges
- Implementation plans
- Beneficial outcomes