Enabling GDPR Compliance through a Data Governance Framework
Learning to Work through GDPR using a Data Governance Framework
Earlier this year we published a solution paper on enabling GDPR compliance through a data governance framework. We’ve published the first page of that solution paper below. If you find the material interesting, we encourage you to keep reading by clicking on the link at the bottom of this post.
The State of GDPR Preparedness
The European Union’s (EU) General Data Protection Regulation (GDPR) goes into effect on 25 May 2018, replacing and expanding upon key provisions of the EU’s Data Protection Directive 95/46/EC, which was first adopted in 1995. Much has changed in the intervening 20+ years, and today’s data landscape bears little resemblance to the environment of the mid-1990s, a time before the invention of smartphones, the Internet of Things (IoT) and the constant connectivity of social media. Although email marketing existed back then, the sophistication of what’s collected and analyzed today is mind-boggling and sometimes disconcerting. Still, the basic precepts of data security and data subjects’ rights were and are fundamental, regardless of scale. The concepts of purpose, lawfulness, notice, consent, disclosure, access, security, transfer and others have long been core axioms of data protection. With the proliferation of big data, the need for stronger individual protection mechanisms, and the increasingly porous concept of “borders” when it comes to data sharing and transfer, the EU effort to enact a more unified and elaborate data protection regulation with increased extraterritorial reach is both ground-breaking and timely.
As the effective date of the GDPR draws closer, there has been an increasing amount of press on the action—or inaction—of companies that will be impacted by this cutting-edge legislation. One startling statistic of inaction: Gartner warns that by the end of 2018 at least 50% of companies affected by GDPR will not be in full compliance [1]. Part of the problem, as expressed in numerous publications and surveys, is a surprising level of complacency rooted in addressing the symptoms rather than the problem. This is despite the fact that everyone is well aware of what is at risk: fines up to the greater of 4% of global annual revenue or €20 million, penalties up to and including data erasure and suspension of data processing and transfer, and embarrassing, revenue-impacting reputational damage.
As companies assess their readiness and identify how they may build internal compliance solutions or explore external options to overcome GDPR challenges, some marketplace vendors have turned to scare tactics to try to spur buyers to action, stressing the exorbitant fines that could result from noncompliance—although ostensibly the most massive of these would be reserved for only the most egregious offenders [2]. In a climate divided between fear and frustration with heavy-handed tactics, some companies are methodically moving along the path to compliance, while others—beyond the usual procrastinators—are lagging simply because they aren’t certain where to begin [3]. It may be easy to get overwhelmed by the complexities of the regulation, but companies can systematically tackle compliance by first assessing their level of readiness, identifying their biggest obstacles, defining a clear foundation for compliance, and mapping the steps to build a long-term compliance solution.
This paper seeks to provide a data governance framework for tackling GDPR compliance—from identifying key challenges and obstacles; to strategy, best practices, and other considerations; along with sharing an innovative approach to solving multiple compliance struggles with a software platform building-block approach that eliminates complex integrations and compliance gaps in three key areas – governance, compliance automation and machine learning analytics. To read more, click on the box below.
Download the Solution Paper