GDPR - don't ditch the data
Peter Ruffley, chairman at Zizo, warns against the danger of letting IT departments have full say over GDPR compliance, at the risk of losing important data
Over the past decade, the vast majority of businesses have invested heavily in collecting reams of customer data; indeed, this data increasingly informs every aspect of business strategy. It may, therefore, come as a surprise to many CMOs and CXOs to discover that a number of IT teams are planning to delete vast swathes of this customer information over the next 12 months. Why? Because they simply cannot see any other way of achieving compliance with the forthcoming General Data Protection Regulation (GDPR).
Customer Data Value
With now less than a year to comply with the GDPR, there are worrying signs that organisations are beginning to panic. Coming into force on 25th May 2018, the GDPR is designed to empower individuals, putting the customer effectively in charge of his or her information. From strict retention and destruction requirements to a right to be forgotten, compliance can only be achieved if organisations have a complete and up to date view of all customer information.
This is clearly a concern for IT departments facing the need to consolidate information located across systems - both corporate and, in the age of shadow IT, those owned by the end users. With ‘personal data' encompassing so many definitions, this information will not only be disparately located but also stored in different formats and owned by different parts of the business. Using traditional data management technologies, the task of pulling this customer information together into a single view is complex, expensive and time consuming - especially for a compliance exercise considered to be nothing more than a business cost.
Is it any wonder that IT teams are looking at the data resources and beginning to make arbitrary decisions about customer data value? Why retain customer preferences, for example, or marketing history? Such data just adds complexity to GDPR compliance, so why not just retain the basics of identification and purchase history? For the IT team tasked with achieving GDPR compliance, the sheer risk of retaining much of this customer data appears too great - hence the decision to delete. But what about the business owners; the marketing director and customer experience manager, the individuals who have carefully crafted strategies based on this critical customer information? What happens when this essential data resource suddenly disappears?
Lost Opportunity
This lack of connection between IT and the business information owners is just one more sign that organisations are failing to recognise the implications of GDPR. According to a recent Sophos survey, just 6 per cent of UK firms regard GDPR compliance as a priority; indeed, 20 per cent deem the new data protection regulation to be a low priority. Yet failure to recognise the business implications of GDPR extend far beyond potential breach and fines: data deletion could fundamentally compromise business operations.
The onus is on organisations to determine data value and data quality today. It is more than possible that some of the vast quantities of customer data will not be worth keeping - it could be inaccurate, out of date or simply irrelevant. But who knows? Without a way of quickly and effectively assessing that data, who will take the decision to delete or retain?
And what about May 26th 2018? What happens to the data being collected by sales, marketing and customer service the day after GDPR comes into force? This is not a one-off event, but a continual process. If the compliance strategy is based on the deletion of all ‘irrelevant' customer data, then the organisation will have no choice but to continue this approach to remain compliant, and stop recording any but the most basic customer data. Effectively, all of the great data-driven project ideas and initiatives of the past decade will be dead.
Taking Control
If organisations are to avoid this potential disaster, business and data owners need to be far more proactive and take control of the way in which GDPR compliance affects customer data. GDPR is definitely not simply an IT project - the underpinning data is too business-critical for that.
Rather than make this an expensive, long and drawn-out IT project, the latest generation of cloud analytics can be used to gain an overview of the quality and value of its customer data.
Consolidating multiple data sources to create a single customer view can be achieved within weeks, and provides the starting point for GDPR compliance. With a single repository of business data, organisations can quickly see whether that data needs work: from deduplication to deletion or missing data, a rapid data overview provides clarity to compliance requirements.
This model not only safeguards critical business information and provides a foundation for GDPR compliance, but can be the basis for effective digital transformation.
Conclusion
A knee-jerk ‘ditch the data' response to the challenge of GDPR compliance could devastate a business. Not only would it lose its current collection of data, but it may struggle to record new data or deploy new systems, due to the fear of becoming uncompliant.
The GDPR today is being addressed as an IT issue, but the regulation is about data - and that data is owned by the business. It is at the heart of essential digital transformation Initiatives, and it defines corporate strategy. GDPR is a major business issue but it is time to ask: is your business about to burn its bridges by ditching this vital data resource?
With over 40 years' experience in the IT industry, including working with some of the biggest data technologies such as Oracle, IBM and Ingres, Peter is the founder of Zizo Software. With a keen interest in cloud analytic technologies, Peter understood the move to cloud analytics was underway, and assembled a team to create a new type of technology, suited to deliver big data analytics and pattern database services at scale in the cloud. That technology is Zizo.