Have you given thought to how you’ll make sure your company will be able to stay compliant with GDPR even as threats and technology change? Thanks to some email commentary from Tim Jesser, director of global product marketing with Snow Software; Ameesh Divatia, co-founder and CEO of Baffle; and Jean-Michel Franco, senior product marketing director for Governance Products at Talend, I’ve come up with a list of tips on how to keep moving forward with your GDPR policies and processes.
Know what personal data you have in your control. Franco said the best way to do this is to continuously maintain a map of the personal data that flows across the organization. You’ll also want to develop a 360° view of each data “subject” where individuals can collect, connect and protect all the personal information they intend to maintain.
Be motivated by trust, not compliance. Do your customers care if you are GDPR compliant? Do your customers even know what GDPR is? To them, it may be nothing more than a blip from a news story or the reason for all of those emails requesting their permission to use their personal data. Does anyone think for a second that consumers and customers are going to increase their trust in a company because they’ve seen a new policy that complies with GDPR? Divatia asked. Trust is not built in a contract, but in communication, commitment and consistency. Treat customer information not as a currency or commodity, but as the most valuable bond between a company and its users and customers.
Determine what data is shared with vendors and how they handle it. As a customer, I think that my information is in the hands of Business A, but I have no idea that Enterprise B and Corporation C also have access to it. Okay, actually we all know that our customer information is shared between different organizations, but the truth is, we don’t know which organizations. One of the many ways GDPR is complex is that an organization is responsible not only for ensuring adequate security measures are in place in its own environment, but also in the environments of vendors with whom it shares the personal data of its customers, said Jesser. It is up to your organization to make sure that the others that are touching your customers’ personal information keep it protected.
Stop hoarding data. Yes, this is a world all about Big Data, but do you really need to store all of it? Too often, organizations want to hoard all of that data they collect in order to use it later, Divatia pointed out, but that’s just setting yourself up for a potential data breach. There needs to be a fundamental change in getting personal information for the right purposes, Divatia added, while showing the customer the value of that data exchange. Ditch “Big Data” for “best data.”
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba