GDPR - Do you have a firm grip on your data landscape?
GDPR will come into force on the 25th of May 2018, and represents a comprehensive reform of existing data protection measures.
In loose terms this concerns only data that can be used to directly or indirectly identify a person, including names, photos, email addresses, bank details, and posts on social networking sites.
To ensure compliance with key concepts such as the right to erasure and subject access requests, organisations need to be prepared to perform a sizeable review of how personal data is collected, stored and used. This can be quite a tall order given many have such elaborate data environments.
When considering data, organisations tend to focus on their main enterprise system or CRM database. However, it is important to appreciate that GDPR’s scope extends well beyond these, and concerns personally identifiable (PII) data that is stored on platforms such as Microsoft Exchange, Sharepoint and OneDrive - for instance, CVs stored within a user’s inbox, or marketing lists that are stored locally. So-called unstructured data, it is estimated that information of this nature accounts for more than 70-80% of all data in organisations, and poses the biggest challenge to manage.
Whilst authorisations surrounding the ability to perform data extracts can be tightened up, pragmatically the risks can only be mitigated with a deep-rooted awareness of GDPR amongst your team. However, ‘data discoveries’ shouldn’t be viewed with total dread. The concept of ‘lawful basis’ provides organisations with the opportunity to streamline their data by reviewing what they are storing and the rationale behind its collection. In addition, an organisation that has a firm grip on its data strategy can further increase trust and credibility in the marketplace by being transparent with its customers as to how personal data is handled.
Our comprehensive four stream approach to GDPR was developed through collaboration with its clients, and has it’s grounding in Sysdoc’s eight areas of specialism including process excellence and transformational change. With regards to your data challenges we can assist with the following services:
- Data Audits: Thorough assessment of your organisations current databases, records, third party agreements and archives, enabling you to identify where personal data is stored across your network.
- Intuitive Training: This is provided in a variety of formats, including innovative gamification options.
- Compliance Readiness Assessments: These provide an indication of the GDPR maturity of your organisation.
- Roadmap to Compliance: A programme of activities to progress and improve your compliance with GDPR.
We have a track record of managing change and delivering process excellence at some of the UK’s largest companies. We’d love to discuss your GDPR programme with you and provide some more details on our approach to achieving compliance. For more information, or to arrange an initial discussion, please contact [email protected]
Latest blog postsSee all blog posts
Thinking transformative, and embracing digital
Our latest thought leadership ‘Thinking transformative, and embracing digital’ takes a human-centred approach to transformation. We believe in creating alignment of process, technology and people to enable a 'customer first' outcome.
Designing the future of Sysdoc
How we enabled global collaboration and team work to rebrand from the inside-out, taking a human-centred approach to branding by putting our people and our clients first through the entire process. What does ‘brand’ mean to you? For some it has become shorthand for a variety of static visual assets, like the logo, or look and feel. But to us, brand is more than what a company ‘looks like’. An organisation’s brand lives in the minds of the people who engage with it. It’s how people talk about an organisation, and how they interact with it – a good brand increases both trust and loyalty.
How to improve your organisation's culture: The impact of unconscious biases in organisational culture
Did you know you are the culture creator? It comes as no shock that many of us struggle to improve ‘Organisational Culture’ when, as an industry, we still cannot even come to an agreement on its definition. It is suggested that when viewed holistically, organisational culture: is the rolling sum of what we do (or do not do) and whether those behaviours are rewarded and reinforced (monetary, recognition, advancement) or punished contains shared understandings and stories can be reflective of attitudes in the wider local, regional or national culture in which the organisation sits can vary within the company (based on its structure) is viewed by some as static, others as dynamic and continuous (Watkins, M., 2013)