The companies’ data governance program is usually linked to the implementation of the General Data Regulation Program. And throughout time several articles have been written about to link the two initiatives but till none was so clearly distinct as the recent one on LinkedIn by Dennis Slattery. He made an analogy of a wedding between Governance and Privacy, which is very fitting but also highlights the fact that, a long term marriage with optimum success is based on the foundations that strengthen it with mutual efforts.
We can also take a similar message from the famous quote by Henry Ford – coming together is just the beginning, keeping together is actual progress, and working together is success.
Data analytics should tie its hands with privacy policies for a successful approach towards good business.
So, how can we make this marriage successful?
The GDPR regulation is quite clear on what it states, about things that must be done in order to protect the Data Citizen’s Rights. However, the bigger question most companies are facing is how to comply with regulations and/or go beyond the bare minimum and let GDPR work for them.
Majority of such discussions around the topic of how to implement GDPR today are focussed on one of two approaches – either top down or bottoms up. But we would argue otherwise, as these two approaches are not mutually exclusive and that a successful implementation of the GDPR must be based on a combination of these complementary approaches.
For the top down approach, the team for GDPR will reach out to the businesses to get a clear understanding of all business (data) processes, which involve either one or another. And for each of these processes like for third party credit checks, data analytics, address verification, and much more there are several attributes which must be clarified. Like for instance:
- Have they acquired consent for the particular process?
- What is the business purpose for the collection?
- Who is the controller?
- Who is the processor?
- Who is responsible as the Data protection officer?
- What is the period for retention of data?
- What type of data is collected?
- Along with several other information
However, it must be noted that this is not a one-time effort, once all the processes related to the personal data have been identified and classified they will still be needed to be maintained as the organization grows and evolves with development in its infrastructure over time.
The bottom up approach is a little more technical in nature. The businesses that have already established metadata management tools can then use these technologies to identify personally the identifiable information (PII) and then try and classify these data elements and assign the relevant attributes for GDPR. This approach shall quickly hit a bottleneck as the same data can be utilized for several business purposes and thus, cannot be classified for GDPR.
With successful implementation of the GDPR we will be able to marry both the approaches well.
Interested in a career in Data Analyst?
To learn more about Machine Learning Using Python and Spark – click here.
To learn more about Data Analyst with Advanced excel course – click here.
To learn more about Data Analyst with SAS Course – click here.
To learn more about Data Analyst with R Course – click here.
To learn more about Big Data Course – click here.