Every time I look at my email inbox, I’m reminded yet again of the impending GDPR deadline. It’s EVERYWHERE! Whether I’m being asked to confirm that I’m okay with a company holding my details, or I’m being pestered by agencies offering advice. My son has even brought home a letter relating to GDPR from his music teacher! I think that I’m about sick of it now.
But although it’s tedious, I have to remind myself that it’s important not to let that feeling turn in to apathy. In the age that we now find ourselves, data and how it is held is a critical resource in almost every company. It’s good, in many ways, that the government are understanding its significance. A collection of email addresses and birth dates might look like a load of incoherent characters; it’s easy to forget that each piece of data represents an individual. The government are recognising that the matrix of data held within companies is volatile. At any given opportunity one piece of data can become agitated resulting in law suits and legal fees: having alarming implications that are leading many to believe GDPR will actually become the new PPI.
So that is why I can’t become apathetic towards this latest scheme. I have my own company data to worry about. I need to make sure that all the Ts are crossed and the Is are dotted. Ensuring that data security is watertight is now of paramount importance.
However, I’m in a luckier position than most. I have a fundamental understanding of managing and manipulating data. It’s how I earn my crust. On a daily basis I’m entrusted with profuse, company data: I intrinsically understand data discretion.
So what should your top priorities be?
Obviously, it starts with knowing what data you have got. From the humble Outlook address book, through to countless spreadsheets, and maybe databases for accounts or customers, not forgetting website sign-up forms and emailing lists. Your data is probably going to be EVERYWHERE. It will be all too easy to forget what you have in any particular place.
When you upgraded your software, did you archive data which has now been forgotten? Are there shared network folders with data hiding in plain sight? Hidden data not being used day in and day out, but of which you still need to be aware, for which you still have responsibility.
You are probably conscious of who is responsible for larger marketing campaigns. But do you know if someone is using an address book to send out impromptu mailings? A sales person sending out a rough and ready, Friday afternoon mailing? Do you know if data is being accessed internally, or externally without your knowledge?
Ultimately GDPR will focus on the auditability of WHO gave you authorisation to store data, exactly WHEN that happened, and HOW secure your data controls are to stop unauthorised or accidental use.
The use of data discovery tools are at least a starting point to help you understand what you have got, where it is and how it links together. The finishing touch is setting up security so that only authorised personnel can access it. And that is where peace of mind comes from, enabling you to sleep at night.
Thanks for reading.