Feared by many and awaited by others, the EU General Data Protection Regulation (GDPR) has quickly acquired significant importance.
New trends in digital transformation and Big Data, together with the exponential growth of the Internet and real-time transactions, mean that more and more information is provided to companies and organizations. The personal data we share and spread enable these actors to know us better, but they also expose us and make us vulnerable, especially when we are unaware of the safekeeping mechanisms followed by most of these organizations.
It is precisely on this point that the new EU General Data Protection Regulation (GDPR) matters most. Passed in 2016 as a fundamental part of the European initiative for the Digital Single Market, it intends to align the personal privacy statutes that now exist in different European states by harmonizing the requirements and methodologies for data protection. As a result, any person who works for an organization that does business with European consumers will need to know and be prepared to abide by the General Data Protection Regulation, which will come into force in May 2018.
The window is closing
Although the deadline is drawing near, under a year away, many organizations have not yet understood the magnitude and complexity that compliance involves, or the tools and systems necessary to abide by its requirements.
This enormous gap in knowledge and training shows an urgent learning need: companies risk being fined for breaches, with fines that could amount to as much as 4% of their annual income, or, worse still, losing the confidence of consumers and damaging their brand reputations. Moreover, a rigid and inflexible requirement of the regulation states that organizations must report any breach of data protection within 72 hours of its occurring.
For this reason, to safeguard data privacy for European consumers and to guarantee that the regulation is complied with, European companies must make data management an absolute priority.
Data management and compliance with the GDPR go hand in hand; each requires a commitment to responsibility for the data used, as well as for its precision and availability, and the capacity to identify the state, the source and the use of this data. This alignment, moreover, must be understood as a continuous process of work focused on improving operational efficiency in handling personal data, so as to avoid fines and the discredit that harmful news may cause a given company.
Additionally, European legislators have based the new data protection regulation on accountability. That is, the Regulation promotes the concept that each party responsible for data processing be accountable for its own data protection policy, from the analysis of the risks inherent in this activity to the decisions taken as a result.
This is where the Data Protection Officer (DPO) comes into action. The DPO is responsible for designing the policy for prevention, management and avoidance of risks related to the protection of data, and is entrusted with ensuring that the legislation and the company's data protection policy are observed. Likewise, the DPO is a facilitator, since affected users and interested parties may get in touch with him or her about any matter relating to the processing of personal data and the exercise of their rights.
Data quality, key to compliance
Without doubt, data processing is an especially delicate field, given that company data has become more and more prominent and that processing it is growing in complexity. Therefore, an appropriate strategy for data management must entail correct use by the appropriate people and an analysis of important business processes, but also the use of technological solutions that have been specifically designed for, or are based on, the guiding principles of data management and that have been optimized to comply with the GDPR.
DEYDE has focused its activity on improving the data of companies that hold a high volume of information about their customers. The company has MyDataQ, its own software for mass correction, normalization, debugging and enrichment of personal data. Working in this way from totally true data, companies can design their own strategies, make adequate decisions and, most importantly, take a step towards compliance with the General Data Protection Regulation.