Thursday 20 April 2017

With GDPR coming into force on 25 May 2018, one in four businesses are not prepared, and one-third do not expect to be compliant by the crucial date. With hefty fines potentially being imposed, the risk of non-compliance is considerable, so it is essential that as marketers we understand the issues and steps we need to take.

David Mead, Experian Data Quality, discussed the important first steps to take towards bringing your data up the maturity curve towards full compliance with existing data protection regulations along with GDPR.

This seminar hosted by Pinsent Mason was an opportunity for the audience to benchmark their level of preparedness and to gain an understanding of consumer concerns, as well as to sense-check their own GDPR plans against what the broader marketplace is considering.

David Mead talked through the preparation challenges which he put into three sections – access, accuracy and accountability.  Access is focused on SARs or ‘subject access requests’ which is the individual’s right to access information held about them and which have to be responded to within a month.  Accuracy is focused on proactive accuracy of data - minimising the amount of data held and only collecting data that is required.  Accountability is just that – having a Data Protection Officer who is responsible for the data you hold and your businesses data handling processes.

Most businesses will only be starting to think about what data they hold and where; whether their data is fit for purpose; can they justify the collection of personal data; and can they respond to SARs in the one month timeline.

So to get started, David advised taking a strategic approach to GDPR - investigate, assess, improve and control.  Understand your data, assess the data, improve the data and then control the data.  Investigate the processes surrounding your data, the location of your data and the data quality, which is key.  But what does this quality mean to your company – do you have any data quality metrics?  

He also suggested that companies should map out a data landscape analysis which is essentially a flow chart of how data is used.  This type of activity will bring the firm together to talk about data and assess the purpose versus permission of holding data, alongside the relevance and justification of holding certain data.  

David advised that businesses should create a relevance and justification matrix to include every element of data the business holds.  To improve the quality of the data businesses should actively clean the data held with a data accuracy fix from a single customer view because most businesses do not have any idea how poor data quality is affecting their business. Another method of improving data quality is by installing a data quality firewall which stops the addition of erroneous, duplication or poor quality data.  Or consider using a product such as Experian Pandora which improves data by consolidating, cleansing, transforming and standardising data, enabling businesses to accelerate all data related projects.

David finished by telling the audience that business is moving towards a data powered evolution and GDPR will empower people.  Organisations have to be accountable and will need to understand data to quantify risk and manage data to create reward.  Use GDPR as an agent for change.

Written by Isobel Hainsworth-Brear, PM Forum Yorkshire Chair
Director, Print-Leeds Limited