GDPR & Digital Transformation
The General Data Protection Regulation (GDPR) is industry, platform and delivery agnostic, and very deliberately so: it was created to protect the rights of the individual (the data subject) and purposefully does not reference any particular framework that may contain personally identifiable data.
The GDPR deadline is approaching very soon, so your organisation needs to get ready for it. If you don't understand why, we recommend that you read the GDPR timeline published by Garry Lander, as it provides valuable context for all project consultants readying organisations for GDPR and explains why it matters so much.
Come the 28th May 2018, the collecting, holding, processing and sharing of identifiable data will, to all intents and purposes, become a regulated function, and with that comes responsibility and an associated liability (both corporate and personal). Because of the agnostic wording of the GDPR and its use of terms such as "data subject" and "identifiable data", any data source containing information of this type is subject to GDPR regulation. That applies regardless of whether the source is an AS400 from 1991 containing 5 million records, an Excel spreadsheet on a local drive, or a web cookie designed to deliver a better user experience on a website.
Any one data source now represents a GDPR risk of non-compliance. The risk factors include data leakage, stale data, obsolete data, data held without permission, and data that has no relevance to the function it is held for.
When multiple data sources reference a single identifiable data subject, the above risk factors are multiplied proportionately. On top of that multiplier you now have the issue of contradictory information pertaining to one data subject, and you must also maintain a deletion policy and an information request policy that can function across multiple data sources.
When you add third party suppliers, you also have to allow for a reduction in data flow transparency, and for another element of the GDPR: compliance with the third party data sharing rules.
The GDPR introduces the role of Data Protection Officer, who will have overall responsibility for ensuring an institution's GDPR compliance and a vested interest in reducing the institution's GDPR risk.
So what does GDPR Utopia look like?
A single data source that all services call on for identifiable information when it is required for the delivery of that service or function. Ideally this would be based on session requests only, and once the purpose has been completed the identifiable aspect of the data call is removed. The architecture of the Web Labs Bridge is ideally suited to GDPR compliance and data quality with reduced risk exposure.
Definition of Utopia – "an objective to be strived for yet never quite achieved". That single source may not be achievable and in some instances may not even be appropriate. However, it is absolutely clear that maintaining multiple in-scope GDPR data sources represents too much risk for an institution to carry. It is therefore inevitable that over the next half decade (when a large number of existing third party contracts will expire) there will be a drive to:
- Reduce the number of data sources
- Reduce the reliance on legacy systems
- Reduce the duplication of workflows
- Reduce the reliance on administration
When you look at GDPR from a risk reduction angle, you are applying exactly the same principles and objectives as you would under a "Digital Transformation" agenda.
The Web Labs Bridge is ideally suited to those looking for GDPR readiness with high standards of data quality for reduced risk exposure.
Last Updated: 10 May 2018