Article by: Hugh Milward, Director of Corporate, External and Legal Affairs at Microsoft UK
Businesses affected by the European Union’s General Data Protection Regulation (GDPR) have May 25th marked on their calendars. This is the compliance deadline for the new legislation, a major moment in law as individuals, companies and governments embrace data to learn more about themselves and the people they interact with.
Ninety percent of all the world’s Internet data has been generated in the past two years. The huge growth in the volume of data that people generate – coupled with technology that can extract actionable, predictive insights from it – is empowering businesses to offer more personalised experiences to their customers, achieve unprecedented efficiencies and bring new products and services to market, faster than ever.
Given the shift in business, an updated governance framework for protecting data is required. However, executives don’t just see GDPR as a compliance hurdle they need to clear, they also see it as an opportunity for transforming their company. The compliance benchmarks that GDPR sets out are the same ones that an organisation needs to meet to become a data-driven business.
There are two ways in which companies are approaching GDPR compliance. The first approach is to count backwards from May 25 and create a schedule featuring key moments as they get closer to that date. This is a sensible method when resources are constrained and time is limited.
In preparing for ‘GDPR day’, there are four steps to keep in mind to ensure you remain on course.
Understand what data your company holds and how it is used, establish processes to govern who manages that information and make sure it’s protected. Finally, ensure you can offer clear reporting on how your customers’ data is handled in case regulators require it.
Companies are increasingly looking at a ‘compliance+’ approach that goes beyond data discovery, management, protection and reporting to anticipate future developments. For example, working with a cloud vendor that is committed to complying with all relevant regulations – at a national, European and international level – provides a business with added confidence.
Firms that are using GDPR as an opportunity to change how they work will have a significant advantage in their sector. These organisations are empowering their staff to collaborate and access information from anywhere and with any device. They understand the potential of using technology such as artificial intelligence and machine learning to meet changing customer needs and the challenge from competitive.
However, technology must be introduced in tandem with the right skills to utilise it. Innovations such as AI have a lot of potential, but employees need to know how to properly capture, store, use and protect data, or the value that the technology offers is diminished. Only accurate data can give businesses valuable insights.
Business leaders such as Chris McCall, Chief Technology Officer at public sector recruitment specialist Affinity Workforce, understand the need to combine tech with skills: “Our line of work involves handling lots of confidential PII (Personally Identifiable Information) and heeding GDPR compliance, which makes security and data protection top of our agenda,” McCall said. “However, with our technology strategy we wanted to tread the fine line between implementing stringent security standards and being agile – removing restrictions on the types of tools we could use and enabling our workforce of more than 400 people to work more flexibly.”
The ability to manage and protect data is not only a compliance necessity, it’s also important for building trusting relationships with customers. According to Harvard Business Review, 97% of people expressed concern that their online personal information might be misused. As every company becomes data-driven, being able to offer full transparency around data usage and policies will be crucial.
Forward-looking leaders see GDPR as way to help build a data-driven culture in which each person – from interns to the Chief Executive – sees themselves as a data champion. They are using this opportunity to clearly communicate their vision of how data will take their business forward in a cloud-first world. This means ensuring all employees understand their role in using data responsibly to help customers, unlock growth opportunities and outperform their competition.
To help your organisation to be GDPR compliant, Microsoft has released Compliance Manager Preview, which is now generally available for Azure, Dynamics 365 and Office 365 Business and Enterprise subscribers in public clouds.
Microsoft’s approach to GDPR is being utilised by companies including Redwood Bank, which said it is benefiting from the technology firm’s ‘ongoing commitment to compliance with the GDPR Data Protection requirements and particularly the commitment to building privacy by design into the development of Microsoft services.’