D Justhy

GDPR – Up Your Data Game With Your Process Discipline

From the 25th of May 2018, rights of individuals in the ‘cyber world’ will be strengthened and businesses must acknowledge this by law. The price of not doing so could result in fines due to violations of regulations. Previously this was merely a directive. These fines could potentially run into millions or even billions.

It will be important for every enterprise to acknowledge that individuals need to be recognised as a “data subject” and more importantly, a very valuable one. This is the reason, I refer to the most important data in any enterprise as the data related to the involved persons in the business model.  In fact, I even call this – ’the billion-dollar byte!’

Person centric data in any enterprise must be protected and managed like a ‘heartbeat.’

My book, The Billion Dollar Byte, was honoured as the finalist in the 2017 American Book Fest. For me as a first-time author, it was an acknowledgement that the life of a person in the digital world is just as important as in the physical world. Only now, it is being legally enforced through a regulation.

Like with everything else in life, it is either good or bad, depending on your perspective.

Data has always been, is today and will be tomorrow, a mere reflection of a processes. The only difference, is that today, the processes are being digitalized.

In any enterprise, if the processes are well managed, the data will be too. However, not every enterprise is disciplined enough to manage their processes well and unfortunately, this gets reflected in their data too. You will tend to hear of these symptoms with labels like, ‘data quality’, ‘data swamps’, ‘data something or other’. But, the real root cause is a lack of discipline with the enterprises processes. And if the processes are cross-border, you are coming close to nightmare scenarios with data protection.

Since, the ‘process of life’ has now gone digitally global for almost everyone who has an internet connection, so has the data too. The good news for individuals is that now there is a good chance to be protected against in-disciplined businesses, legally.

For enterprises though, they will need to reinforce, their processes, if they have not already done so, to enable individuals have more control over their personal data, including through:

  1. The need for the individual’s clear consent to the processing of personal data
  2. Easier access by the subject to his or her personal data
  3. The rights to rectification, to erasure and ‘to be forgotten’
  4. The right to object, including to the use of personal data for the purposes of ‘profiling’
  5. The right to data portability from one service provider to another
  6. It also lays down the obligation for controllers (those who are responsible for the processing of data) to provide transparent and easily accessible information to data subjects on the processing of their data.

Knowing how certain enterprises ‘frighteningly’ manage their data, I am glad that these protections are being enforced.  As for enterprises that aren’t good at managing their data, a good start is to get a grip on the business processes that manage the life cycle of the persons data and this may well be a start in your pursuit of your billion-dollar byte.