Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE

Top 5 GDPR outcomes that will improve data governance post May 25th

GregClark Valued Contributor.
Valued Contributor.
0 0 1,484

As the 25th of May 2018 is upon us, I’ve come up with the top five GDPR data privacy outcomes that will improve data governance (or perhaps could go horribly wrong!).

#5. Corporate executives, brands and shareholder value will be impacted positively as regulators assess GDPR readiness.

t51.pngWhat could go right: Regulators promote good behavior and data privacy best practices by wielding Thor’s hammer with fines and sanctions.

What could go wrong: Corporations really won’t be ready for investigations and will be made examples of by regulators. We will also see if regulators are prepared, funded and staffed properly across the EU and ready to begin on May 25th.

#4. Data subject access requests and right to be forgotten empower EU citizens to ensure their personal data is managed and managed properly.

t52.jpgWhat could go right: Audits prove many business are managing customer data effectively. Consumer confidence rises, brands promote success and data security practices. 

What could go wrong: Data subject access requests and right to be forgotten sweep in at unexpected volumes and causes major disruptions to business operations. Business can’t keep up, fines are levied, backlogs are created and the hole gets deeper and deeper each day.

#3 GDPR is the biggest compelling event for Information Governance since the Federal Rules of Civil Procedure.

t53.pngWhat could go right: It’s about the perfect storm of citizens mobilizing to protect their data, the appropriate level of oversight, and sanctions to ensure business comply, and businesses being ready to meet the demands that GDPR will place on their systems, people and processes.

What could go wrong: GDPR interpretations are watered down and weak precedences are set in the early stages by regulators. 

#2 GDPR and data privacy compliance is ignited by businesses being able to monetize data governance.


What could go right: We’ll see businesses coordinate efforts between IT, the business and legal around corporate growth priorities and data privacy initiatives. Cost containment around application retirement and legacy data clean up help fund projects and identify high value assets that can be leveraged by the business for competitive advantage, improved productivity and better, more informed decision-making.

What could go wrong: Data privacy, while an important business initiatives for most organizations is siloed or pigeonholed into poorly funded and resourced project team that is already overstretched with other tasks.

 #1 The Data Protection Officer (DPO) will lead the way to a single entity responsible for managing, securing and protecting the information assets of an organization (Chief Privacy Officer).

t55.jpgWhat could go right: Breaches like those at Target, Sony, Home Depot and Equifax have cost companies millions of dollars, along with erosion of their brand and trust of their customers. The DPO will help mitigate future PR nightmares and sanctions associated with data loss by helping to develop governance-by-design strategies to secure and protect sensitive and personal data from the consequences of data loss or over retention.

What could go wrong: The DPO is an additional role taken on by the General Counsel or another executive and the responsibilities and tasks around data privacy are piled on to their “day job.” GDPR doesn’t really call out the level of expertise specifically so again, qualifications and scope of the role could also be a challenge in some instances. 

BONUS: Information Governance (IG) experts are exposed as hidden gems inside organizations as they help orchestrate the data privacy policies and flow of data across the enterprise 

What could go right: IG professionals and records managers leverage their experience dealing with sensitive and high value records and get involved in managing information lifecycles and policies across the enterprise – including both unstructured data, and structured data sources.

What could go wrong: IG professionals and records managers continue to focus only on 5-15% of data as it relates to electronic and physical records.

I wish you luck on your compliance journey, and to help you fall under the “what could go right” categories, check out our Information Management and Governance and Data Security and Encryption solutions.

About the Author
Subject Matter Expert across InfoGov, Archiving, ECM, Regulatory Supervision and Compliance.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.