
GDPR Do-Over: Thousands of Breaches, Millions in Fines Point to More Work Ahead

4 steps to hasten compliance, and safely use data as an asset

Companies have experienced a big wake-up call due to new data privacy laws, and more work obviously needs to be done.

Despite years of preparation to become compliant with the European Union’s General Data Protection Regulation, effective in May 2018, breach notifications have exceeded 160,000 in Europe, with imposed and threatened fines in the millions of dollars.

That so many companies weren’t GDPR-prepared was wake-up call No. 1. That regulators are taking action is wake-up call No. 2. Look for “many more fines,” says Patrick Van Eecke, chair of DLA Piper’s international data protection practices.

GDPR won’t be the only regulatory hurdle. Look for more citations and fines due to the newer California Consumer Privacy Act, and other privacy regulations expected to come to fruition.

The big lesson from the GDPR failures is that getting privacy and data protection right requires a data-centric approach to everything you do. Companies starting from scratch can more easily pull off “privacy by design” with new products, services and processes. But the vast majority of companies have tons of data in silos, data lakes and other places and cannot start from scratch.

Here are four steps to help those companies move toward regulatory compliance, and to be more skilled in safely sharing data across ecosystems of customers and suppliers. By being able to safely share analytics, companies will achieve a competitive advantage.

Step 1: Understand what data you have. This means all data, even legacy data. Figure out where the data came from, how it got to you, where it goes from the data lake, who has access to what data and why they have access. Company security officers should have this information so they’re a good first resource. By inventorying data, you more readily identify exposures in terms of privacy regulations.

Step 2: Identify business processes powered by data. By knowing how data is used, and by whom, you more clearly see whether data is being used correctly, and you’ll be better prepared to show regulators that misuse is not occurring. In some cases, data is shared even though it isn’t needed, simply because business processes have never changed, and that puts you at risk of violating regulations.

Step 3: Fix exposures. This might include stopping unnecessary data flows, updating business processes or adding tools to fix problems. For instance, an Excel report containing a large amount of data might needlessly share too much of it as it gets passed around. A code fix could curtail such unnecessary sharing.

Step 4: Segment data analytics. This is all about limiting exposure by segmenting data analytics from the raw data. No one needs the data. Everyone needs the right insights. By sharing just the insights, there’s less risk that underlying data will be unduly shared.


Competitive advantage

Coming into regulatory compliance can be viewed simply as an annoying cost of doing business. But the companies that excel will be those that see data and data analytics as an asset and turn analytics into a competitive advantage. The more you can efficiently and safely share data and data analytics, the better you can serve customers with personalized products and services.