As the 25th of May 2018 is upon us, I’ve come up with the top five GDPR data privacy outcomes that will improve data governance (or perhaps could go horribly wrong!).
#5. Corporate executives, brands and shareholder value will be impacted positively as regulators assess GDPR readiness.
What could go right: Regulators promote good behavior and data privacy best practices by wielding Thor’s hammer with fines and sanctions.
What could go wrong: Corporations really won’t be ready for investigations and will be made examples of by regulators. We will also see if regulators are prepared, funded and staffed properly across the EU and ready to begin on May 25th.
#4. Data subject access requests and right to be forgotten empower EU citizens to ensure their personal data is managed and managed properly.
What could go right: Audits prove many businesses are managing customer data effectively. Consumer confidence rises, brands promote success and data security practices.
What could go wrong: Data subject access requests and right to be forgotten sweep in at unexpected volumes and cause major disruptions to business operations. Businesses can't keep up, fines are levied, backlogs are created and the hole gets deeper and deeper each day.
#3. GDPR is the biggest compelling event for Information Governance since the Federal Rules of Civil Procedure.
What could go right: It's about the perfect storm of citizens mobilizing to protect their data, the appropriate level of oversight and sanctions to ensure businesses comply, and businesses being ready to meet the demands that GDPR will place on their systems, people and processes.
What could go wrong: GDPR interpretations are watered down and weak precedents are set in the early stages by regulators.
#2. GDPR and data privacy compliance is ignited by businesses being able to monetize data governance.
What could go right: We’ll see businesses coordinate efforts between IT, the business and legal around corporate growth priorities and data privacy initiatives. Cost containment around application retirement and legacy data clean up help fund projects and identify high value assets that can be leveraged by the business for competitive advantage, improved productivity and better, more informed decision-making.
What could go wrong: Data privacy, while an important business initiative for most organizations, is siloed or pigeonholed into a poorly funded and resourced project team that is already overstretched with other tasks.
#1. The Data Protection Officer (DPO) will lead the way to a single entity responsible for managing, securing and protecting the information assets of an organization (Chief Privacy Officer).
What could go right: Breaches like those at Target, Sony, Home Depot and Equifax have cost companies millions of dollars, along with erosion of their brand and trust of their customers. The DPO will help mitigate future PR nightmares and sanctions associated with data loss by helping to develop governance-by-design strategies to secure and protect sensitive and personal data from the consequences of data loss or over retention.
What could go wrong: The DPO is an additional role taken on by the General Counsel or another executive and the responsibilities and tasks around data privacy are piled on to their “day job.” GDPR doesn’t really call out the level of expertise specifically so again, qualifications and scope of the role could also be a challenge in some instances.
BONUS: Information Governance (IG) experts are exposed as hidden gems inside organizations as they help orchestrate the data privacy policies and flow of data across the enterprise.
What could go right: IG professionals and records managers leverage their experience dealing with sensitive and high value records and get involved in managing information lifecycles and policies across the enterprise – including both unstructured data, and structured data sources.
What could go wrong: IG professionals and records managers continue to focus only on 5-15% of data as it relates to electronic and physical records.
I wish you luck on your compliance journey, and to help you fall under the “what could go right” categories, check out our Information Management and Governance and Data Security and Encryption solutions.