Why GDPR and Data Strategy are two sides of the same coin

ENTITY WHITE PAPER
GDPR AND DATA STRATEGY
Crossing the GDPR Data Delta
Let’s state it right at the outset – compliance with
the General Data Protection Regulation (GDPR)
should be considered as one part of a holistic
Data Strategy rather than as an isolated activity.
Primarily, we at Entity Group see the GDPR as an opportunity for organisations acting
in the role of Data Controllers and Data Processors to build trust with Data Subjects (the individuals
whose data they hold) and become truly customer/citizen/employee centric.
All too often organisations do not have that holistic data strategy in place and are, therefore, in no
position to take advantage of opportunities afforded by GDPR or any other regulatory obligation.
The truth is that data governance and information management strategies very often get ignored
because they are difficult to articulate and seem even more difficult to execute. However, we
believe they are achievable with the right assistance.
The factors to give thought to within a data management approach to GDPR are:
Adopt a practical, proven approach that will focus on
delivering business value – a Roadmap:
We believe that the gap between the data organisations have today, and the information or
business advantage they want to have tomorrow, can be defined in terms of a ‘Data Delta’. For
example, achieving digital transformation is often a huge headache because of this delta that
exists within most organisations, and yet it must be bridged if companies are to truly embrace
digitalisation and survive. GDPR compliance is a specific example of a Data Delta that needs to be
crossed and it can be approached with tried and tested data management techniques. We have
spent many years working with organisations of all sizes and sectors to help them to cross their
own Data Deltas. This knowledge and experience has crystallised into our own method, described
in our published book called “Crossing the Data Delta”. This is available at the Entity Group
exhibition stand and provides a host of guidance on data management challenges. Whatever
your interest in what today’s market is calling Data Science, it should have something for you. As a
preview, it starts with the six Principles to bridge the delta, which are:
1. Data must be Governed and Owned
2. There must be an agreed Description of the data
3. Data Quality must be defined, measured and managed
4. Principles of Access need to be established; the data lifecycle, storage, privacy and security
5. How data is Used and Shared needs to be agreed; how systems are integrated
6. Data which needs to be Controlled, and how and by whom, needs to be established, so that business applications can be successfully implemented
[Figure: Entity Group’s Data Delta™ method. Panels: Organisational Strategy and Governance; Owner; Description; Quality; Access; Usage & Sharing; Implementation & Control]
There is much more involved but hopefully it is clear that these data management principles all
apply directly to GDPR compliance and should be a vital part of your initiative. There are a number
of other approaches out there – the point is not to spend time reinventing the wheel!
Know which questions to ask and what to do with the answers.
For example, the GDPR area of Consent:
– What Personal Data do I hold?
– Why do I hold this? (For which processing activities/purposes?)
– Do I have specific consent and have I registered any objections?
– How will I continue to monitor and action consents and objections?
– Am I upholding the rights of the data subject?
The ability to answer these questions is what we define as Consent Mastering. It means having
a single version of the truth for all data related to an individual and the consent they have given
to use it. For compliance purposes this must be continually updated and available to any approved
consuming system. It is therefore a set of Master Data. Ironically, given that part of a GDPR
compliance initiative is a data management activity, consent mastering does require organisations
to identify, collect and hold even more data! Also, as with any other kind of mastering, this is an
iterative process, not a one-off activity, and therefore it is not merely answered by a technology
implementation. To truly address it, organisations will need to look at the three core areas of
Process, People and Technology right across the organisational landscape. This is an integral part of
having a defined strategy for information management and a strong grip on data governance.
Use a GDPR specific data model:
No matter what your data management project is, a good, pre-defined data model can really get
your project off to a flying start. For a GDPR initiative it could act as an accelerator you can use to
map your organisation’s data; swiftly identify the data you might need for compliance and then
connect that with the data you hold on individuals. We recommend looking at items such as how
to uphold the rights of data subjects, i.e. Erasure, Inquiry, Objection, Portability, Restriction and
Rectification. You’ll need to understand who has ownership of the data and who is responsible
for maintaining it – these are essential data governance tasks even without the pressure of GDPR
compliance. So speak to us about our GDPR data model but again, don’t spend the short time you
have left analysing the GDPR documentation and attempting to build one from scratch.
Understand how a platform approach can help from a technology perspective
One of Entity’s specialisms within the Information Management space is the successful delivery of
Master Data Management related projects. As such, we believe that the Consent Mastering aspect
of GDPR is of particular interest to organisations wanting to demonstrate responsible handling of
customer/employee/citizen data and build trusting, profitable customer relationships. Why? Well,
because it links through and is complementary to so many aspects of the Customer 360° view that
is the goal of many MDM implementations. MDM could be defined as enabling “you to join up
information relating to the same thing (a particular customer, supplier, product etc) from across your
organisation, so that you can get a single view of their interactions and transactions”. Consent is
just one part of that 360° view that needs to be mastered. However, in the first instance you might
be struggling to show who owns data in your organisation and how it flows around. Equally, the
ability to visualise this ownership and these flows can help to promote collaboration and buy-in
which are valuable in the process of building a business case for an enterprise MDM project. There
are technologies available to help with that part of the process and many other related technical
capabilities can play a part in the process such as Data Integration, Data Quality, Data Cataloguing,
Data Security, Data Lakes – the list goes on. Therefore a platform approach from a technology
perspective – where the individual components can be used stand-alone or as part of an integrated
whole – can be an extremely useful one. An example of a platform for Data Governance is below.
So how to get started? You need an action plan – a roadmap. This is a topic that we’ll be covering in
our forthcoming GDPR Consent Mastering white paper and our webinar (which you can register for
here). We’d love to talk to you in more detail about GDPR or any of the unique data management
challenges you face, and share some more of our experience with you to help you cross your own data
delta. Whatever you decide to do, though, please take a broader data management approach so that
dealing with GDPR compliance can be the beginning of an effective Data Management journey for your
organisation or an improvement to the one upon which you have already embarked. Safe Travels!
For more information please contact:
980 Cornforth Drive, Kent Science Park
Sittingbourne, KENT ME9 8PX, United Kingdom
+44 (0) 1795 415 800
www.entityroup.com