With just 15 days to go until the General Data Protection Regulation (GDPR) becomes enforceable, research shows that 90 percent of small businesses are still not ready.
But a growing number of businesses are saying the legislation represents a real opportunity to clean house. Others are rolling out increasingly sophisticated suites of data management tools. It’s not too late, in short, to start getting compliant.
Where to Start (If You Haven’t Yet)
John O’Keeffe, VP EMEA at data specialists Looker, told Computer Business Review: “Many companies are still tackling data sprawl – in which masses of data is left dispersed, uncategorised and disordered.
“Ensuring these data ‘swamps’ are cleaned, organised and filtered should be the first port of call for CIOs.”
He added: “Once organisations have clean data ‘lakes’, they can continue the process of data analytics to drive business outcomes. Data analytics should enable positive business change, not start the data sprawl process all over again.”
GDPR as a Business Accelerator
IBM is among those seeking to help turn GDPR into a business accelerator, both for itself and for those to whom it is offering services. The company in March teamed up with Mastercard to launch Truata, which manages, anonymises and analyses vast amounts of personal information held by companies in a way that is GDPR-compliant.
It also last year introduced a wide range of new capabilities to its Resilient Incident Response platform (IRP) to give organizations time to begin preparing and adapting.
These include an interactive tool that prescribes step by step how you can prepare for GDPR in an interactive and dynamic way. Its Resilient GDPR Simulation meanwhile helps security analysts within an organization rehearse the actions they may need to take if they experience a breach under GDPR.
These include practicing for the 72-hour breach requirement, assessing risk of harm, or communicating with the Data Protection Officer and Data Protection Authority.
They’re tools that may prove a pointer even for smaller companies.
“Stop Working in your Business, Start Working on your Business”
As Ian Strickland, a chair at advisory group Vistage and a GDPR specialist told Computer Business Review: “To grow a small or medium sized company, you must review your internal processes and procedures continually.”
“Essentially you need to ‘stop working in your business, and start working on your business’ – GDPR presents the perfect opportunity for businesses to do so.”
He added: “Over time as businesses grow and become more complex, it’s inevitable that they amass huge amounts of unnecessary information – consider this a great excuse to get rid of stockpiled data that have no discernible use.”
“There are instances where companies have improved their productivity and efficiency by more than 20% through GDPR compliance alone and gained 24 working hours back each week. it’s not too late to kick-start the process. The most important thing is for businesses of all sizes to demonstrate that they are following a journey and understand the principles of the regulation. Businesses able to show that they’re treating the subject with respect are unlikely to face undue scrutiny.”
A Quick Reminder
New rights for individuals under the legislation include:
The right to be forgotten: data controllers must erase all personal data without undue delay in certain circumstances, when so requested
The right to data portability: where individuals have provided personal data to a service provider, they can require the provider to “port” the data to another provider
The right to object to profiling: customers can object to being subject to a decision based solely on automated processing.