When it comes to data privacy in the European Union (EU), the clock is ticking. In less than one year, on May 25, 2018, the most sweeping change in data privacy regulation in 20 years will go into effect for consumers and businesses throughout Europe. Here are the quick facts about the General Data Protection Regulation (GDPR):
- It gives people more say over what companies can do with their data
- It makes data protection rules consistent across the EU
- It affects organisations that offer goods and services within the EU and have customers and employees based there
- It introduces tougher fines for non-compliance and data breaches
For details, visit http://www.eugdpr.org/.
An Opportunity for Enterprise Architects
At the business level, this new regulation puts millions of pounds, euros, and dollars at stake if organisations fail to properly protect sensitive personal information, in addition to the unquantified damage such a failure could do to a brand’s reputation.
This is an opportunity for IT and enterprise architects to show their value to the business.
Because organisations will be obligated to protect personal data as a corporate asset, they must understand how it is being used—and leaders will look to IT and enterprise architects for this information to support decision making. More importantly, as part of the new standard, companies can only use the data collected for its stated purpose—so having insight into how personal data is being used will be imperative to compliance.
IT and enterprise architects are in the best position to help the business understand how data is being used to not only support customers, but advance strategic initiatives such as digital transformation.
Do I have your attention? Now what?
5 tips to help you get started with GDPR compliance:
- Identify stakeholders from key groups in the company and create a committee
- Work with those stakeholders to ensure they understand what GDPR is, how it will affect your organisation, and how YOUR team will support them
- Schedule a meeting to discuss which departments, technology, processes, and data could be impacted
- Put a plan in place for adhering to the regulation within your organisation
- Begin documenting information assets that contain personal data and how it is used within the organisation (Planview can help you with that!)
GDPR is a hot topic for organisations operating within the EU. Register for the webinar, GDPR—An Opportunity to Better Understand and Transform Your Organisation, for more information on GDPR and how IT and enterprise architects can support the business and achieve compliance. In my next blog, I will discuss what questions you need to consider when assessing your data and information portfolio—now and in the future.