I'm somewhat unique in that I love GDPR and data protection. An eternal optimist, its because I see the whole big picture and all the benefits that GDPR can bring to an organisation. The first two pillars —Know your Data and Protect your Data — cover the fundamentals of GDPR. The third pillar— Love your Data— is your reward at the end. The size of the reward is up to and will depend on how far you want to venture into Business Intelligence.
The very first stages of a GDPR audit is mapping your data. You need to know what data you collect and where you store it. For most businesses there's a good deal of forgettery. And the process acts as prompt as you try to create a visual of all the information entering and leaving your organisation. Putting data protection to one side, you realise where there's duplication, and in some cases poor business practice. You see it from the customer's eyes - whoa, this looks shifty, why do they need to know this? Oftentimes one department is completely unaware of what information another department has. There are many cases of having no idea why the information is collected or its purpose. And then comes the realisation that the more data we collect the more at risk we are. The enormity of the responsibility of protecting all that data starts to push down.
The GDPR requires that both data controllers and data processors keep and maintain “full and extensive” up-to-date records of the particular data processing activities they are carrying out.
Easier said than done. But if you follow a pragmatic 'one bite at a time' approach look at systems and controls need to be put in place to keep the data secure. Some of it will be technical like patching your network, or installing password managers and implementing two-factor authentication. Some of it will be human. instilling security awareness amongst your staff. Fostering an environment where reporting a hack or security breach is rewarded not punished. Training all the time and not just an annual hour in the conference room .
Policies and procedures are your cornerstone here. Document how you protect the data and creating step by step procedures for a security breach for example.
This is where all the above starts to pay off. You've offloaded all those old mailing list contacts that never responded anyway. You've gained consent to market so the customers you're talking to want to hear from you. But best of all you have a 360 view of your customer because you know what data you have on them that you can use to provide a better experience for them. This isn't the creepy stuff like really personal emails that make them feel uncomfortable about how much you know about them, rather its transparent communication where its clear you've put their needs above yours.
The data you collect can be stripped out for stats and entered into a Business Intelligence app like Power BI or Tableau. You've gone full circle and now you have a visual representation of your business and your customer and you could only do that because you knew what data you had.... Know your data
Data Influence blogs and stories are provided for information only, not legal advice. Always consult your lawyer on legal matters.