At Experian, we firmly believe the GDPR presents a positive chance to transform the way you organise and process your data. Our Chief Risk Officer, Julia Cattanach, recently summed it up nicely as an “opportunity to further strengthen data security and transparency, enabling us to maximise the potential of the data we rely on to deliver the best possible outcomes for customers, businesses and the wider society.”
We’ve come a long way
We take the responsibility of data protection compliance very seriously. In fact, since the first proposal was released in January 2012 as part of the EU’s legislative process, Experian has been working diligently with industry and our internal colleagues to evolve the way we think about data protection, and making sure we have prepared for today.
It’s really encouraging to see that many organisations have also been on this journey. Our latest research with DataIQ shows just how far they’ve come – virtually every organisation in the UK is now ‘very’ or ‘somewhat’ aware of the GDPR, with a significant increase in those most aware from 46% in 2016 to 84.3% in 2018. What’s more, there’s a clear growth in consumer awareness, six out of ten consumers now say they are aware – either ‘fully’ or ‘somewhat’ – of a new data protection law.
Delivering opportunity through compliance
We have long been advocates of the GDPR because it’s a catalyst to implementing well managed, ethical data practises that will give consumers greater control over their data and drive business advantage. It’s something that we already do for thousands of customers. Fortunately, many organisations are on the same page, 72% of those surveyed in our recent Global Data Management Research believe that the GDPR presents an opportunity to refine their data management strategy. I’ve no doubt that those organisations who have prepared well will start reaping the rewards very quickly; better customer relationships, the opportunity to innovate and more accurate insight to name but a few. You can read our blog on the 8 reasons why the GDPR can help boost your business to explore these further.
GDPR is now ‘data as usual’
So what’s next now the GDPR is in force? It’s very early days but the focus for organisations should ideally be on maintaining and improving the policies, processes and technology that they’ve invested in. In a nutshell, everything you did to get ready should now be ‘business as usual’ in a GDPR world.
By preparing for the GDPR many have made great gains moving further up the data quality maturity curve and that’s a position they should look to maintain and improve on. In fact, many organisations will find that the work they’ve done is essentially the foundation of a data governance function and so now is an ideal time to capitalise on that and put the final pieces in place to formalise it.
The GDPR journey is by no means over. As businesses make the transition into a world where it’s the norm there are a few areas to consider once the priority preparations are in place. Understanding where you sit across these can help you to plan next steps.
- What tasks still remain?
- Is a plan in place to handle them?
- Has the GDPR become BAU and are measures in place to make your readiness activities into repeatable processes for long-term compliance?
- Have you maintained your stakeholder group?
- Do you have any resource risks?
As the dust settles, we should start to get a sense of where UK organisations are at. As I said earlier, it’s important not to rest on your laurels, being proactive about embedding your GDPR processes and spotting areas which may require more attention are all important activities.
We’ve supported many customers on their GDPR journey and will continue to do so. You can read more here about how we can help, but a good first step to think about is a Data Integrity Assessment. This regular assessment of your data can be a good way to pull out any existing gaps but also to ensure integrity is well maintained over time.