As the European General Data Protection Regulation (GDPR) scheme looms, bringing with it an unprecedented emphasis on data protection, many organisations are grappling with how to prepare for the necessary technology required to keep sensitive data safe.
The GDPR aims to create a unified approach to data protection across the European Union and all foreign companies processing data of EU residents, or any companies that have business interests in EU. Greater accountability and governance are central requirements within GDPR compliance, and some businesses have neither the processes nor systems in place to meet these requirements yet. With organisations at risk of facing severe financial penalties for contravention not to mention the increased risk of cyberattack, it has never been more critical to make data precision and accuracy a key business priority.
While the Australian government remains committed to privacy laws, the Data Availability and Use Taskforce reached a consensus that using and sharing of data will encourage innovation and competition, improve the delivery of government services, better inform policy development and deliver greater choice and outcomes for individuals and society as a whole.
An essential part of building a foundation for data availability and use is understanding the flow of personal data around a business, end to end and outside of the business. Businesses across the public and private sector need to take a look at their customer information, and how they gather, store, organise and protect it. At Pitney Bowes, conversations we’re currently having with clients on building a foundation for data sharing compliance focus on three key areas:
Understanding the flow of data around and outside the organisation
A number of organisations struggle when it comes to effective data acquisition, which in turn has a direct impact on data management and security. Even at the earliest of stages in the customer journey, it’s easy to see the complications and complexities which arise as data begins its flow around the business.
Massive amounts of customer information are now being gathered via the ubiquity of mobile phones, social networks and the Internet of Things, enhancing the need for organisations to know their customers like never before. It will be vital that organisations discover where Personally Identifiable Information (PII) is being held, how and for what reason it is being held, and ultimately how to effectively integrate it across systems. With PII data often proliferating across many systems across organisations, including many legacy ones, this is a significant challenge for most firms.
As the customer journey progresses and customer experience develops, the data flow becomes even more complex and open to risk of duplication, of inputting error, of expiry and inaccuracy as more data points are created and more employees record information on that customer in different ways, for different purposes. Organisations need to gain a broader understanding of the flow of their data through their business, its inputs, processing and output, if they are to prepare themselves for the GDPR.
Keeping data current
Keeping data current and accurate through effective customer information management is an important foundation for GDPR compliance. Businesses must minimise the data they hold, and have governance procedures that support individuals’ rights of access, rectification, deletion and the restriction of data processing.
By harnessing the right technologies, organisations have the opportunity to increase efficiency by consolidating and simplifying backup and recovery regimes. This can reduce the number of copies of the data that exist, while safely leveraging the capabilities offered by both private and public cloud. This type of modernisation also ensures genuine business continuity capabilities in the event of ransomware and other cyber threats going forward.
A solid customer information management strategy for dealing with data issues must include plans for — and technologies to — aggregate, cleanse, federate, enrich and govern expanding stores of information. Some customer information management platforms can help with this, with in-built capabilities including data profiling, standardisation and normalisation of data, advanced data matching and consolidation, validating organisation’s data against the very best available reference data.
Uncovering connections within the data
Data disparity creates challenges, such as data regulations compliance but it also creates gaps for businesses when extracting customer insight. At Pitney Bowes, we look at businesses where there are many customers, large volumes of data, and complex relationships within the data. A solution lies in creating a single customer view as this can help improve those relationships and processes across organisations. Centralising data management strategy and achieving a single customer view are crucial components to growth, efficiency and cost control.
All in all, the GDPR will be a pivotal moment for companies as they will have to share and protect data at the same time. Solutions like single customer view will empower companies to discover, prepare and act to get started on the path to be data compliant.
Nigel Lester is managing director of software solutions for Pitney Bowes ANZ.