Monday, May 21, 2018

GDPR: What are the priorities for the IT department?

All too often it is assumed that GDPR compliance is ‘IT’s problem’ because having your personal data and technology in order are such vital parts of it. But compliance must be an organisation-wide commitment. No individual or single department can make an organisation compliant. However, in planning discussions around GDPR compliance, there are clear areas where IT can add significant value.


1. Be a data champion

The potential value of data to organisations is increasing all the time, but many departments, business units and even board members may not realise how much data they have access to, where it resides, how it is created, how it could be used and how it is protected. The IT department can play a clear role in helping organisations understand why data, and by extension GDPR, is so important in order to realise the value of such data and how to use and protect it.


2. Ensure data security

GDPR considers protection of personal data a fundamental human right. Organisations need to ensure they understand what personal data they have access to and put in place appropriate protective measures. IT has a role to play in working with the organisation to assess security risks and ensure that appropriate protective measures, such as encryption, access controls, attack prevention and detection are in place.


3. Help the organisation be responsive

GDPR requires organisations to not only protect personal data but also respond to requests from individuals who, among others, want to amend or delete data held on them. That means that the personal data must be collected, collated and structured in a way that enables effective and reliable control over all personal data. This means breaking down internal silos and ensuring an organisation has a clear view of its processing activities with regard to personal data.


4. Identify the best tools for the job

GDPR compliance is as much about process, culture and planning as it is about technology. However, there are products available which can help organisations with key elements of GDPR compliance, such as data management, security and the automated enforcement of security measures. Advances in automation and artificial intelligence mean many tools offer a level of proactivity and scalability which don’t lessen the responsibility upon people within the organisation, but can reduce the workload and put in place an approach which can evolve with changing compliance requirements.


5. See the potential

An improved approach to security and compliance management, fit for the digital economy, can give organisations the confidence to unlock the full potential of their data. If data is more secure, better ordered and easier to make sense of, it stands to reason an organisation can do more with it. It may be tempting to see GDPR as an unwelcome chore. It should however be borne in mind that it is also an opportunity to seek differentiation and greater value, to build new data-driven business models, confident in the knowledge that the data is being used in a compliant way.  Giving consumers the confidence to share their data is also good for businesses.


The IT department will know better than most how the full value of data can be unlocked and can help businesses pull away from seeing GDPR as a cost of doing business and start seeing it as an opportunity to do business better.

from Oracle Blogs | Oracle Marketing Cloud