Data protection has become a global phenomenon with almost half the world’s countries now having data privacy laws.
Others are looking to the EU General Data Protection Regulation (GDPR) model as the benchmark for driving a new era of compliance with strong regulators. Despite the “Brexit-factor”, the UK’s information commissioner, Elizabeth Denham, is firmly committed to implementing GDPR and advocates the alignment of the Digital Economy Bill to this EU regulation.
It is likely that legislators, as well as industry compliance and standard bodies, will continue to pursue stricter privacy and data protection measures. While transitioning to GDPR will be a major undertaking for many organisations, it is important to also highlight the efficacy-enhancing advantages of a comprehensive data governance programme.
GDPR compliance, which aims to enhance the privacy rights of subjects, makes businesses more secure, resilient and therefore more competitive. This is intrinsic to excelling in an era where data is a valuable commodity.
>See also: GDPR: What do you need to know?
Data-driven innovation is enabling organisations to make sense of the exploding volumes of data they are generating. From improving customer experience and engagement, increasing operational efficiency, providing better intelligence for business decisions through to enhancing innovation, disruptive technology is changing the game for businesses.
According to MarketsandMarkets by 2020, the business intelligence and analytics software market will be worth $26.78 billion. Gartner predicts by 2019, 90% of large companies will have a chief data officer with a remit spanning data governance, decision-making and the creation of business value.
The analytics and insights that data-driven innovation can produce are changing competitive dynamics for businesses by delivering greater acuity and focus.
Digitised data has been described as ‘the new oil’ but really (in the data-driven economy) it is ‘the new water’. An everyday resource that is central to how our businesses and lives function.
Successful businesses recognise good data governance goes hand-in-hand with an organisation’s digital transformation strategy. If extracting true value from data is the goal then it must be managed, secure and compliant. Furthermore, big data (unstructured data such as emails, documents on file servers, social media, video and audio) is not a game that’s played by different rules.
Although fines, sanctions and reputational consequences are most certainly a key driver for meeting data protection requirements, there are benefits of a well-executed data governance program:
Preparedness to navigate the changing risk, regulatory and compliance landscape
Data governance strives to make an organisation’s information more valuable.
Having a robust programme, (one which includes a privacy impact assessment (PIA), a company-wide data strategy; sets parameters for data quality and consistency, establishes data location and warehousing, addresses risks and security issues and factors how the data is used) puts the organisation in the driving seat rather than playing catch up with the latest regulation or threat vector.
Reducing the information security risk posture
With Forrester predicting digital transformation budgets will top the billion dollar bar in 2017 it is hyper-critical that security and privacy issues do not impede an organisation’s (data led) disruption.
>See also: General Data Protection Regulation: the BC/DR impact
For many, owing to new “privacy by default regulations”, data protection will engender greater focus on either implementing or boosting information security measures. Through enhancing governance and compliance as well as managing risks, organisations in the crossfire of cyber risks will be more resilient and that is an important assurance when investing in digital transformation.
Quality control, increased efficiencies and cost saving
Data needs to be cleaned, labelled, and enriched before its output can be trusted. An inability for an organisation to fully understand data quality requirements can lead to all sorts of unwelcome consequences such as: inaccurate invoices, packages going to the wrong address, a misspelled customer name, or wasted marketing spend. IMB reports in 2016 this problem cost the US $3.1 trillion.
Keeping data accurate and up to date, and ensuring it is retained no longer than necessary allows organisations to reduce the amount of information they need to maintain. A good data governance programme can tame the estimated 85% of stored data that is either: dark or redundant, obsolete or trivial (ROT).
It can also yield substantial savings on IT budget allocated to data storage. Considering 60% of a data scientist’s time is spent organising and cleaning the data, it will also free up these “digital janitors” to be extractors of knowledge and insights.
Good data governance can also reduce the costs and complexities associated with responding to subject access requests and, for organisations with a high litigation profile, can greatly streamline responding to an eDiscovery (eDisclosure) order.
Enhanced stakeholder trust – an increasingly valuable commodity
FireEye’s “Beyond the Bottom Line, The Real Cost of Data Breaches”, found high profile data breaches negatively impact consumer trust in major brands. The number of respondents (76 per cent), who said they are more likely to take their business elsewhere due to negligent data handling practices further, endorses data governance.
Companies that have invested in analytics of consumer based data should keep watch on the emerging “personal data economy”.
>See also: What are US companies’ view on GDPR?
A new breed of data savvy consumers seeking to recover their digital sovereignty, own their digital footprint and consciously decide how they want to make use of their data. This growing resistance to handing over information to algorithms could leave businesses having to rethink the processes and mechanics for data capture.
In an era where privacy can no longer be an afterthought, information governance (such as Privacy Impact Assessments) is key to helping organisations build the trust and transparency stakeholders increasingly value.
To fully realise the benefits of a data governance programme a standardised approach to PIA (such as those included in BS 10010, ISO 29001) can be an effective way to assess this.
Conclusion
Many organisations position meeting data protection obligations as an onerous and heavy duty exercise that does not contribute to overall efficacy.
This type of corporate culture simply won’t serve organisations as the regulatory and compliance landscape is likely to remain on a trajectory of strengthened rules and enhanced enforcement.
Making data protection a front and centre business priority will help organisations navigate its complex and evolving landscape. It is no longer an IT or HR issue but a company-wide responsibility that should be integrated into business support functions.
Organisations looking to put their data to work using the bold new technologies that are reshaping commerce must embrace best practice data protection to extract the true value (insights, analytics and intelligence) their data contains.
Sourced by Gavin D’Alton, BSI data protection consultant