Data Governance, Data Regulations

GDPR and Data Governance: A hand in hand affair

The introduction of GDPR should not be seen as a burden for companies but rather as an opportunity to review all the data governance policies that are in place. Companies should be able to find the right balance between GDPR and their data governance structure.

Companies could create a competitive edge by not only addressing how they manage the personal data but for all the data they hold. If companies get it right, they could discover new business opportunities waiting to be exploited.

As we all know by now, the GDPR gives every EU citizen the right to know and decide how their personal data is being used, stored, protected, transferred and deleted.

Those companies that put data privacy at the forefront of their business strategy would be the ones who are clearly and efficiently managing their customer data in a fair and transparent way. Hence giving them the competitive edge based on privacy.

One of the requirements of GDPR is to document what personal data is held, where it came from and who is it shared with. By really understanding the data they hold, companies could be made aware of the data they can gather, as well as analyse and apply this data to boost sales or marketing efforts.

Companies should ensure that their data governance structure will support the GDPR requirements. Policies and procedures need to be created or re-assessed to help keep corporate data consistent and ensure that it meets the information needs of business users. It is also an opportunity to review data management practices.

The GDPR requirements combined with a robust data governance structure could give organisations the opportunity to become a data-driven company based on building tools, abilities, and a culture that acts on data hence really making an internal transformation around data.

Data Regulations

20 Fun Facts about GDPR ?

  1. GDPR is short for General Data Protection Regulation.
  2. GDPR are rules for the protection of personal data inside and outside the EU.
  3. The aim of GDPR is to give residents control over their personal data and unify the regulations within the whole Union.
  4. GDPR went into effect on May 25 ,2018.
  5. Seven key guiding principles to process personal data.
  6. GDPR covers aspects of data security, rights and freedoms of EU data subjects, regulatory compliance and risks, data governance and control of data.
  7. GDPR is enforced by the supervisory authority in each member state.
  8. GDPR affects any and every organization across the world that does business with people in EU member states.
  9. It makes organizations directly accountable for what they do and don’t do with sensitive EU citizen data. This also includes governments agencies and other public associations.
  10. There are a lot of processes and procedures to document!!
  11. Technology plays a very important role.
  12. GDPR allows for a 360 degree view of data subjects and a single source of truth.
  13. Certain organisations that process data may be required to appoint a Data Privacy Officer.
  14. The GDPR imposes a set of serious penalties on data controllers and processors for non-compliance.
  15. The GDPR maximum penalty is 4% of global annual turnover or €20 million – whichever is higher.
  16. A written warning can be sent to organisations in cases of first and non-intentional non-compliance.
  17. Fines under GDPR of up to 10€ million or 2% of annual worldwide turnover will be imposed on organisations that don’t uphold the obligations of data controllers.
  18. If an organisation incurs a data breach, they should notify the relevant authorities within 72 hours.
  19. Implementing the GDPR is not an option, but a legal requirement, which needs a high degree of commitment and resources.
  20. GDPR can offer numerous opportunities with a well-designed internal data protection framework.