On the 25th of May 2018, the European Union (EU) passed the General Data Protection Regulation (GDPR) which placed an emphasis on how organizations will handle customer’s data and keep it safe all the way from initial filing/collection to deletion. This is the first time that there has been such a comprehensive set of standards for personally information. GDPR isn’t just restricted to just EU businesses either but to any organization based in the EU or doing business with EU customers.
All processes must be designed with measures in place to ensure that the data protection principles that have come with GDPR are strictly upheld. This has resulted in new developments such as data not being available to the public unless granted explicit and informed consent by the customer or data subject and no data being processed without proper legal basis as specified by GDPR.
Other new developments include; the data collector specifically stating the purpose of the data being collected, if it is being shared with another party, how long it will be retained and ability of the customer or data subject to revoke consent to data at any point in time. All these developments barely scratch the surface of the complexity of handling data in this GDPR era. Complying to all these rules is key as the financial implication of breaking the GDPR results into fines worth up to EUR20 million or 4% of annual turnover.
One thing that helps in being GDPR compliant is the use of a well-managed Single Customer View (SCV). The Single Customer View is an aggregated, holistic representation of all up-to-date customer data that is viewable in one place, in an integrated solution. That is, instead of having data in bits and pieces across systems, all the data is integrated into one place. SCV solutions generally track data lineage and the source of the data.
This provides its benefits in several ways while also being GDPR compliant. GDPR requires organizations to delete all data when a customer revokes consent, having all the data in one place makes it easy and simple to remove all the data from production systems and applications.
Customers now have a right to move their data from one organization to another. This means that if a customer wants to move data from one organization to another, all the data to be moved is in one place and thus, moving is made easy with an SCV solution.
With the SCV solution data can be franchised to other downstream applications, with appropriate controls in place based on the applications data requirements and legal compliance requirements. SCV enables responsibility to be transparently assigned throughout the handling of data within the business. This ensure that actions are traceable from start to finish and ensures that auditing is easier as it does not require going through multiple data sets spread across the company. It will also assist in compliance with provisions such as Article 30, which requires controllers and processors to, “maintain a record of processing activities under its responsibility.”
All in all, any company with customers in the EU will need to comply with GDPR in order to avoid huge financial fines.
