Data by Design - an extension of GDPR’s Data Privacy by Design
11 March 2019
The recent large fine issued by CNIL, the French Data Protection regulator, to one of the largest tech organisations, for lack of transparency, makes the regulatory implications of GDPR very real for companies who are not yet ready to fully meet the new requirements.
Most companies have gone through a long processes of updating their practices and the internal perspective is usually that this is a painful necessity, an expensive and disruptive compliance operation. However, some organisations are coming out of this process with a realisation of how GDPR has increased awareness of data and improved levels of data literacy more broadly into additional data areas, not just with personal data.
Inevitably, the first few hectic months of GDPR implementation were based on a risk-based approach, with the priority firmly on meeting obligations quickly. But now, several months down the line, we are starting to see that GDPR has encouraged firms to start to approach data differently.
We have seen firms becoming more mature in their thinking around their data – how they collect it, how they control it, the quality of it, what they do with it, and how they may monitise it - both as a direct result of the legislation as well as awareness that it is the right thing to do. Data has become a strategic and operational issue and a recognised asset – and that’s a very positive development.
PwC has helped a number of firms to understand the value of their data and this has become clearer as a by-product of GDPR and associated implementation programmes. Boards are far more willing than before to invest in systems and processes that collect, control and manage data. This is partly because they are being asked questions about their own data in their personal lives and the potential reputation and regulatory risk associated with ignoring it.
In working with our clients, one of the very positive things about GDPR is that it has required people from across the organisation to come together and talk about data at a senior level. Pre-GDPR, organisations would rarely think collectively about the data they collected and what they did with it (and perhaps more critically, what they could do with it). Data has emerged as a multidisciplinary issue.
This is reflected in the emerging governance structure around data in many organisations. Someone said to me recently that “they hadn’t appreciated how closely aligned the DPO, CISO and CDO roles are” – that’s a real reflection of how thinking around data has matured as a result of GDPR.
The regulation has changed the way that organisations talk to and interact with their customers. It has required organisations to ask specific questions of customers about their data and that has opened up more personalised, closer communication channels. The upcoming e-privacy regulation will reinforce this still further.
We are entering the next stage of GDPR, as firms begin to mature their thinking about the wider implications of working with data and embedding GDPR requirements fully into business-as-usual. GDPR is in my view a great catalyst for positive change.
It's time to think differently about your data. We focus on helping organisations work better with their data, applying practical data and analytics solutions. Utilise your data as a valuable asset, not only for the purposes of GDPR but also the wider data management benefits.
If you would like to discuss these issues, or the impact of emerging technology or data and analytics on your industry, then contact our Data & Analytics team.