In recent years, the rise of cyber-attacks and malware campaigns has been threatening data security and service continuity in many sectors. In response to these threats, the European Commission has passed the “General Data Protection Regulation”, better known as GDPR, to strengthen and unify personal data protection for EU citizens. On May 25, the GDPR will come into effect, impacting all organizations (public and private) that provide services to European Union residents, regardless of where the organization is located. With substantial penalties foreseen for those that do not comply with this regulation, and fines of up to 4% of the annual turnover or €20 million per incident, it is crucial that organizations prioritize a swift rotation into a new data management approach. GDPR is important for everyone because it impacts us all – private and public organizations as well as individuals. Here’s why.
After May 25, EU citizens will own their personal data, choosing which organizations will have access to it and which will not. In addition, they will have a say in which areas their data can be used and for what specific purpose. Finally, users will have to give their explicit, informed consent for use of their data and will have the “right to be forgotten” – i.e. the right to be erased from an organization’s database.
Yet, with new rights come new obligations (and opportunities)
Organizational & service innovation
Greater data transparency and security will require data processors to fully reshape both their organizational culture and technology landscapes – providing an open door to innovate and be one step ahead of the future!
GDPR should not be seen as a burden, but rather as an opportunity. Thanks to a broader definition of what personal data encompasses, the regulation anticipates future evolutions of Personally Identifiable Information (PII). With personal data growing exponentially in both volume and type, it is becoming easier for organizations to measure with more precision who an individual is and what he or she might want. These evolutions are an opportunity to establish a whole new approach to the way organizations manage and use citizens’ data, and to strengthen processes around the identification, processing and management of Personally Identifiable Information.
Deeper digital trust
More control over personal data is key to maintaining the trust that citizens will place in public institutions in the coming years. As e-government initiatives have become one of the EU’s top priorities, the GDPR can be used by organizations as a lever to deepen citizens’ digital trust. If reassured that their data will remain safe and private, individuals may be more inclined to allow an organization to process their personal data. This, combined with more efforts to improve digital services, will only strengthen the image of public services and brands. Managing reputational impact from data breaches is a key benefit of GDPR compliance.
Less but better data
Currently, many organizations store old or low-value data in silos, which costs them money without offering any advantages. The time has come to rotate towards a comprehensive understanding of what types of data are stored and why, where they are stored and how they are managed. The more visibility an organization has on personal data, the more security it can offer its users’ information. As mentioned above, there is a lot to be gained by showing users that their data is respected, protected and used wisely to provide a more bespoke user experience.
How to Prepare
It may seem like an onerous effort to implement the people, process and technology changes required for GDPR compliance, but the time to act is now. Taking the following steps can help to kick-start your GDPR compliance journey:
- Perform data mapping: This will help organizations answer crucial questions such as: Where is sensitive data stored? Who has access to it? When and where was it collected? For what purposes? For how long will it be stored in the system?
- Invest in smart and secure technologies: Today, digital innovation has a lot to offer. Public sector organizations need to look into that treasure chest and make use of what it contains. For instance, automation could help enhance responses to data breaches, while Blockchain could track and manage users’ consent and their “right to be forgotten”.
- Initiate a culture shift: GDPR compliance is not only about IT and security transformation. It impacts the whole organization. Promoting awareness and providing staff training programs will be key factors in a successful implementation of the regulation.
By taking preemptive action to prepare for GDPR, you will not only protect your organization and users but also lay the foundations for further innovation, whether this is e-government or private sector services.
Want to know how Accenture can help you prepare for GDPR? Feel free to contact us for a chat!