The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. As there’s now less than a year to go until enforcement, small businesses need to find ways to take advantage of the opportunities the changes will bring.
GDPR will firmly place the customer in charge of his or her data. It’s been designed to empower individuals and allow customers to decide what happens to their information.
Businesses need to move fast
To comply with GDPR, companies must ensure they have an up-to-date overview of their customer information. Without this, it won’t be possible to meet the new requirements.
Compliance could cover everything from strict destruction of information rules, to the right to be forgotten. If a small business doesn’t have an overview of the data it holds, then it can’t fully comply.
Data consolidation
Customer data now covers so much more than contact details. It includes end-user information including things like shopping preferences, browsing history, interests and hobbies, marketing activity and more. Business owners must consolidate all information, no matter how many data systems it spans.
Due to the diverse nature of data identification and processing, this information is held on different systems for use by different parts of a business. Traditional data management tech makes consolidating this data difficult, time consuming and expensive – none of which is ideal for a business looking to minimise its compliance costs.
Deleting data
The need to consolidate such complex reams of data has led to some businesses deciding to delete. For example, data for marketing purposes could feasibly be dispensed with as it merely adds to GDPR compliance.
However, while this may look like a good solution by the employees tasked with complying with GDPR, it could be catastrophic for the business owners who have strategically harvested marketing data for business reasons.
Lack of cohesion
This lack of cohesive structure between information owners and IT shows the need for further understanding of the wide-ranging implications of GDPR. A recent study shows that just six per cent of UK businesses see GDPR compliance as a priority. A fifth of businesses go further and actively place it in a low priority category. However, this is a mistake as failing to understand and act on the implications of GDPR will result in far more than fines.
As the deadline approaches and no strategic decisions are made concerning data, companies may have to delete vast swathes of information – something that could damage the future of their business irreparably. And, after 26 May 2018, companies may have to stop collecting marketing data, as continual compliance is needed.
Businesses must take control
To avoid this scenario, data owners and businesses managers must take control of GDPR compliance. They must see it as more than an IT project and understand how crucial retaining data is to their future.
Cloud analytics could be effectively used to understand the value and quality of data a firm holds. This would dispense with a long drawn out project and allow an overview to be analysed faster. The first step is to consolidate all data sources into one customer view. Armed with just one overview of its data, a company can understand quickly what can be done to comply with GDPR.
In this way, the business can retain business information that is critical to the business, and create a long-term foundation for GDPR compliance going forward. It can also form the basis of digital transformation for the company on a wider basis. One view of every customer, with all relevant data contained within, opens a world of possibilities to monetise information, drive change and improve efficiency.
Combining IT management and business management can give companies the best of both worlds in the run up to GDPR coming into effect.
