Have you set a real GDPR strategy yet?
GDPR is about a whole a lot more than just consent. It’s about end-to-end orchestration, governance, dynamic processes, and auditability. It’s about getting your old systems to work with your new systems. And it’s not just a matter of your business’ ability to react to customer requests; you’ll need a host of proactive processes as well.
No-one really understands the impact yet, however you do need to consider how you will manage requests and get the process documented. It may be a bit like Y2K when not a lot happens at midnight, however we do expect citizens to start asking for their personal data and sharing their experiences across social channels. The volume of requests could rapidly become high and your processes will need to scale quickly.
Rather than employing lots of extra people to administer requests technology can help to automate some or all of the process.
What does it mean for your company / department?
- You will need to establish processes to disclose information to any EU resident you do business with, telling them whether personal data concerning them is being processed, where, and for what purpose.
- Any EU resident can request a copy of their personal data free of charge, or demand that you wipe out all of their data.
- You could even be challenged to explain your business’ automated decisions, and much, much more.
Gartner predicts that less than 50% of companies will not be ready to comply by May 25, 2018, when the regulation goes into effect.