Organizations across the globe are working towards implementing GDPR, which officially goes into effect on May 25, 2018. So what is GDPR
Wikipedia states that the General Data Protection Regulation is “a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.”
This regulation is relevant for companies doing business inside the European Union, with organizations within the EU or with any EU resident. If you’re collecting any data about an EU resident, this applies to you, too. The data can range from private information, addresses and public information, to social profiles, images, pictures, IP information, device IDs and medical and financial details.
As collectors of data, organizations will be expected to share data retention times, provide information about how they used the data to reach certain decisions about a consumer, share the data being collected and make changes when requested. And in certain cases, process requests for erasure of all private information collected. In the case of a data breach, there must be processes in place that inform the affected parties within stipulated timeframes.
In addition, explicit consent is required before information is collected, and adult consent is mandatory when the collection of data involves children below 16 years of age. There must be a provision to produce the consent on request, and a way to withdraw the consent, as well.
Customer data is often distributed within multiple systems and organizations, resulting in duplication and inconsistency. The first step for resolving these issues is building a reliable foundation of customer data with proper governance about data access and audit trails about data changes.
Many companies are considering master data management (MDM) solutions to address compliance challenges. But while legacy MDM systems can comply with a small part of the regulation by managing profile data, they also leave it to you to figure out how to manage the transactional and interaction information across other systems and channels.
Modern data management platforms can help organizations speed up the time to compliance and go beyond typical MDM solutions that only manage master data – a modern data management solution brings in all transactional and interaction data, as well as relationships uncovered across data entities, like people, products and places.
The ability to connect with internal, external, third-party and social sources helps create consolidated profiles. As you match and merge profiles, you must be able to trace and maintain data lineage across all attributes. Reporting on the source of data for any attribute is critical. Bringing in omnichannel interactions and transactions and relating them to master profiles is key. This not only provides you with a better understanding of your customers to make data-driven decisions, but also provides a consolidated interactions history for reporting. In the case of a data breach, you can quickly find out who was impacted, who had access to the data and who will need to be informed.
As managing consent becomes more challenging, the graph technology within modern data management systems can help you understand and manage how people are related to one another, as well as gain a complete understanding of the relationships among stores, locations, channels and types of consent. If there should be any question about a child’s data, graph technology can quickly present complete household information involving the child’s parents and consent type relations.
With GDPR, consumers get new rights about how their data should be managed, so companies need a mechanism to support that right. Having robust workflow capabilities that can manage customer requests is a requirement for GDPR compliance. Modern data management systems have built-in workflows, like data change requests, deletion requests and review requests. These workflows can be customized for business users to efficiently manage such tasks with complete governance and traceability.
Modern data management also allows you to easily connect to third-party data sources to enrich your data. For GDPR compliance, organizations can track which attributes came from which external data provider. In the case of a change request, the request can be routed back to its original source.
There are many other aspects to GDPR compliance, but a modern data management platform can play a significant role. Start thinking about your overall data strategy and evaluate how modern capabilities such as master data at big data scale, graph technologies and machine learning and predictive analytics will help you maintain compliance.