Good governance in the era of GDPR
Ramez Dandan, regional technology officer for Microsoft Gulf, says organisations should manage data like they manage money
Any business leader worth their salt knows that watertight financial governance is the building block for organisational success. Establishing and implementing policies that regulate financial processes, outline how the organisation and its resources should be administered, define investment priorities and set the course for the company’s future, is key to any profitable business. So too is the ability to demonstrate the impact of such policies when needed – whilst preparing for an annual audit, for instance.
But what if I told you that many businesses currently lack oversight of one of their greatest assets?
The value of data to modern organisations is undeniable. A recent McKinsey Global Institute study revealed that “data flows now exert a larger impact on GDP growth than the centuries-old trade in goods.” Media headlines refer to data as the “new oil” or the “new electricity” – although neither analogy quite captures its nature as an unlimited, ubiquitous commodity generated by businesses all over the world. Our own customers frequently emphasise that data is the lifeblood of their organisations. Data-driven services help optimise existing product offerings or open up entirely new opportunities, such as the use of predictive maintenance services which can anticipate failures in manufacturing.
In short, data is the most important asset in a modern company’s business portfolio – and it needs to be managed as such.
In this context, the General Data Protection Regulation (GDPR) is a logical policy development. At its heart, the GDPR is about guaranteeing the privacy and integrity of individuals’ data, in our evermore digital world.
With the deadline for compliance just less than six months away, many companies are thinking about what steps they should be taking to meet the new privacy and data protection requirements as efficiently and effectively as possible.
In my view, achieving this depends on how you address three things: people, processes, and preparedness. With that in mind, here are some guiding principles for to help you get ready for May 2018.
Manage your data like you manage your money
Every business maintains strict processes for tracking revenue, costs, and all manner of financial flows. They don’t just do this because it’s required, but because it makes business sense. After all, you can’t map your company’s future if you don’t know your current state of financial affairs right down to the bottom line. Companies need to maintain the same birds-eye-view of their data assets, via a solid data governance strategy.
Developing this strategy demands that you answer several key questions: what, where, who, and why?
To begin with, an audit is a logical first step. Making a comprehensive inventory of the data in your company’s possession will show you exactly what kind of data you’re collecting and storing, where it sits, and why you have it in the first place. Tools to do this include the ISO 1944 standard for data categorisation and data use. Getting your house in order in this manner creates a strong foundation from which you can ensure you are getting the greatest ROI from the data you have – just as an accurate overview of your financial assets enables you to make smart investment decisions.
Once you have established this baseline visibility, consider how you can maintain it over time. Migrating to the cloud is one way to do this, as it lets you bring together disparate data sets. However, before you choose a cloud provider, make sure they can answer some key questions. Who has access to your data, and on what terms? Where is your data stored? How will your cloud service provider respond to government requests for your data, or help you meet your compliance requirements? It’s vital to ensure your cloud provider is committed to offering full transparency over your data. After all, you wouldn’t hire an accountant who couldn’t tell you exactly where your investments are at any given moment!
Create a culture of data confidence
Effective data governance demands a people-first approach.
Employees in all departments – from marketing to finance, sales to HR – handle data every day. But how many realize how valuable it really is, and how the right usage of data can help them be more productive and connect more effectively with customers? Fostering this understanding is vital for employees to feel personally invested in your company’s approach to data governance. Once this has been established, it will also be easier for employees to realize the importance of adequately protecting data, as they would any other high-value company asset.
Embedding this culture across your company takes time. However, placing your approach to data governance within the context of a broader digital transformation can streamline the process. In this way, employees are better prepared to explore new, sometimes experimental avenues for data utilisation, to course-correct when necessary, and help others learn from their experiences. The GDPR was developed in part because in our digital era, people want more control over their privacy, in order to trust technology. Creating this confidence, both within your organisation and with your customers, is key to making sure you’re making the most of data-driven, business-critical insights.
The May 2018 deadline for GDPR compliance is not a final destination. Rather, it’s just one stepping-stone in an ongoing journey towards realizing the full potential of digital transformation across economies and communities. Viewed in this light, establishing a firm approach to data governance represents one of the smartest investments a company can make.