Data privacy challenges are garnering worldwide attention, with data positioned as the new oil. When reports and interviews around data privacy are covered by the New York Times, 60 Minutes, and CNN, among others, it is time for companies to take notice. The European Union’s General Data Privacy Regulation (GDPR) went into effect on May 25, 2018. Enforcement has become real, as evidenced by the $57 million fine levied on Google by a French regulator, elevating data privacy in the corporate discussion.
GDPR does not only apply to European entities; the regulation details that any global firm that conducts business with or transacts data with the EU must be in compliance. GDPR sets a legal framework for the protection of personal information of individuals within the EU. It covers all businesses that deal with personal data of EU citizens, ranging from private consumer data to employee data, and even to the IP addresses of people using online services.
The Challenge Amplified
Consider the proliferation of data in your business. Data is replicated and shared across the globe in real time or near real time. Additionally, data in various forms supporting a firm’s digital transformation, social media, mobile services and third-party service providers' needs can make the path to compliance rocky. Data is pervasive; it touches all facets of your business, and customer data is at the heart of most businesses.
As you consider these factors, additional new data privacy laws are being enacted. California passed its Consumer Data Privacy Act, which took effect in January 2020, and the state of Washington is passing a privacy law with transparency requirements that are similar to GDPR. As these regulations and others become law, they will heap further data privacy measures on companies. GDPR is the first material marker in an expanding data privacy wave.
The increase in data privacy regulations contends with advancing technology that seamlessly proliferates data sharing. Companies embrace new technology, especially ones that attract new customers, enhance the customer experience and help produce more revenue. This makes companies responsible for the burden of data privacy compliance and the impacts of deploying new technology that is full of complexities and possible ramifications. But where there is a challenge, there can be a real opportunity. GDPR can be a lever to get your company’s data positioned as a nimble, strategic asset, with one version of the truth, which is within acceptable measures of compliance. That would make not just customers happy, but a lot of CFOs, COOs and, of course, CEOs.
The Management Challenge
When a firm learns about new mandatory compliance measures such as GDPR, there are rightfully a host of concerns. If the mandate has enough “teeth” (i.e., risk, penalties and expense), it makes its way to the executive suite. Management needs to set a strategy to meet the more stringent regulatory mandate without losing focus on growing revenues and profits and while innovating to stay competitive, keeping the board of directors happy and maintaining an engaged workforce.
As with most regulations, GDPR certainly has an interpretive component. Each firm does have to work to understand what it means for them and align as closely to the regulatory requirements as possible. Leverage your legal, compliance and IT teams to get the technical and operational pieces of this correct. While there is some room for interpretation, GDPR is explicit regarding data ownership.
GDPR: Competitive Lever?
The key question still remains: What should your approach for GDPR be? Is your approach a series of tactical efforts to comply? Or do you see GDPR compliance as a strategic lever?
What is both compelling and different about GDPR from other compliance mandates that firms have slogged through is that many firms (in the U.K. and other parts of Europe) see GDPR as a competitive lever. How can this be the case given the disruption and the expense? These firms see GDPR as a way to get the data management paradigm right. GDPR does indeed inform a robust data strategy; all the required components are there, providing a solid foundation for a practical plan.
Core to an approach that fulfills GDPR compliance and the needs of good data management is data governance. A strong data governance program is vital to data visibility and oversight needed for GDPR compliance. It supports assessing and prioritizing data risks, as well as facilitating compliance verification with auditors, and helps manage the current state of your data, its evolving future state and its lineage through the data ecosystem. With the right data governance approach and supporting technology, companies achieve compliance using their current as-is architecture and data assets.
Whether your company has implemented data governance or is looking to, GDPR gives companies the opportunity to define or reassess their data governance policies and procedures, not just for personal data, but for all data. With the correct governance, companies can comply while building a competitive advantage. Strategic, enterprise-wide data management driven by GDPR compliance will increase consumer trust, improve data quality and analytical processes, optimize operational efficiencies, and reduce costs. It will move the enterprise closer to being a data-driven business.
With GDPR or any other data privacy mandates that arise, governance, structure and holistic work with cross-disciplinary teams will advance what should be done as a best practice. Companies that do not view GDPR as a tactical effort, but rather implement appropriate processes, policies and technology to manage their data and its proliferation holistically for enterprise advantage will become nimbler. These firms will pivot to take advantage of marketplace opportunities and excel past their competition. They view GDPR compliance as a business investment and an opportunity to lock down data management as a differentiating business enabler. GDPR compliance can be an opportunity to propel a company to best practices in managing its data and realizing the strategic, competitive, and financial benefits of taking a broader view.
About the Author
Harry Hanelt is a member of HP Marin’s Executive office and is the firm’s CEO. He has over thirty-five years' experience in both Consulting and Industry, where he has held leadership positions in several large firms including KPMG, BearingPoint, SunGard, and Heublein. Mr. Hanelt also served as the Managing Director and President of HP Squared LLC, an affiliated Data Strategy Consulting Business. Harry specializes in providing Strategy, Advisory and Leadership for Transformation, including Business Process Improvement and the deployment of Technology Solutions. Mr. Hanelt has been a keynote speaker at conferences and has served as an Industry Advisor to the University of Connecticut’s School of Business.
This piece was originally published on Forbes.com.