Global Marketing Alliance

GDPR – new data protection regulation is coming . . . are you sure you’re ready?

The EU General Data Protection Regulation (GDPR) will come into effect from the 25th of May 2018. Irrespective of where you are located in the world, if you collect client data from persons in the EU, the GDPR is now part of your new standard operating procedures.

GDPR is all about personal data and making sure this personal data is protected from outside attacks. The onus is on the company to prove that it does every reasonable thing to protect its customers’ personal data against misuse, whether it processes and stores all the data internally or engages a third-party supplier or SaaS provider.

What types of privacy data does the GDPR – new data protection regulation – protect?

With businesses performing more and more transactions online, as well as managing many of the business procedures online, the need for strong data protection has become a critical component of the overall business process.

As a savvy professional, it pays to understand the compliance criteria well enough to manage the ongoing compliance requirements beyond May 25th. This date only marks the starting point from which we need to be more vigilant in how we manage, store and process our customers’ personal information.

Looking at GDPR from this point of view means that the management requirements for GDPR can be split up across five different phases. These phases coincide with the general lifecycle of a business process and they loosely align with Deming’s Quality cycle: Plan – Do – Check – Act (PDCA for short).

Phase 1: Recognise the value of GDPR for the overall business

Even though GDPR compliance is mandatory, it still pays to recognise the value for the overall business – approaching the regulation this way means you change your point of view from looking at GDPR as a burden to looking at it as an opportunity that provides value to the overall business.

Example questions you can ask to identify the opportunity GDPR brings to your organisation:

Phase 2: Define what GDPR – the new data protection regulation – means within the context of our business

In phase 2 we move from a more generic value-based approach to a more specific business context. What works for one company does not necessarily work for a different one, so to avoid the ‘one size fits all’ approach it’s important to look at the compliance requirements within the context of your company or business.

This approach links GDPR to the business goals and objectives, making it easier to identify cost-savings or efficiency gains of the business processes that deal with personal data.

Example questions to clearly position GDPR within the business context are:

Phase 3: Measure & analyse how GDPR compliance is currently performed

This phase might be the most important part of the whole approach. With fines of up to 4% of global turnover, the implications of not correctly complying with GDPR are massive.

First of all we need to understand how we can measure GDPR compliance. This means doing an audit on our customers’ data and how we process and store this data.

You can’t manage what you can’t measure, so identifying a way to measure and analyse GDPR compliance is the first important step to take.

Examples of questions to ask are:

Phase 4: Improve the GDPR compliance processes

Once you know the actual data that falls under the GDPR remit, you can create a process improvement system. The way we use data online changes constantly, which means we need to constantly reassess our data management and data storage processes. This also includes the way we hand over data to our vendors and third-party outsourced partners.

The questions we ask in this phase are all around improvement and progress – not being satisfied with the status quo and constantly looking for better ways to manage our customers’ personal data in line with GDPR compliance. 

Phase 5: Control and sustain the data engineering objectives

This final phase ties all the previous steps together and adds a layer of control over the processes. GDPR is not a one-off project to find out how your business scores towards compliance. It is an ongoing and constantly changing set of rules and regulations that you need to continue to comply with.

That’s why the questions in this phase are future-looking; solidifying what we are currently doing and building a series of processes and procedures that enable us to sustain our level of compliance, irrespective of changes in the legislation.

Once you’ve completed this step, you are on your way towards a strong and healthy future for your business.

Using a 5-phase approach like this ensures you’re approaching GDPR compliance from every angle and building a healthy, future-proofed business.

Ivanka Menken is the author of GDPR Practical Tools for Self Assessment, now available for purchase.
