Recently while listening to my Spotify Time Capsule one of my favorite songs from Squeeze popped up, it's called "Up the Junction" and it got me thinking about this new regulation around data privacy that you may have heard about, it's called General Data Protection Regulation or GDPR.
Now that we are firmly living in a post-GDPR world some organisations may well feel they really are up the junction when it comes to using personal data but many say that this new era of regulation heralds an opportunity, I agree, and I believe that data literacy is the key to unlocking this opportunity.
Data literacy is the ability to read, work with, analyse and argue with data. Becoming data literate will empower people to be fluent in the language of data not just at work but in their everyday lives. When you speak the language of data you can understand data. In this post-GDPR world understanding data is key to recognizing what type of data you are working with and deciphering what story it has to tell.
Respecting privacy rights is something all employees need to be able to do and complying with the regulation is everyone’s responsibility. A good level of understanding what personal data is will help to recognize the warning signs like we do every day when driving on the roads or if you're into scuba diving suddenly seeing all the fish disappear.
For example, let's say you want to know who are your top 10 customers for a given product or service, if you can see credit card and bank account numbers in the data that’s when you should Stop and Ask - does this really need to be there? - can I still get the same results I am looking for without them?
And while you are there why not ask other questions like ‘Do I really need to export this as a spreadsheet on my laptop?’ ‘Do I really need to know it's Joan Doe?’ ‘Who else has access to this level of detail and do they really need it?’
Because if you are in this situation then its sounds like more governance is required within your organization.
Strong data governance polices need to be in place and all employees need to know them and understand why they are in place, as well as any processes too. Data Literacy is a key to unlocking this understanding, having proper data governance through the fluency and understanding of data.
Other questions to ask are: Can your systems help enforce these controls without suffocating your people by locking down the data? Why aren’t you aggregating and anonymity sensitive data? Can you ensure only your authorized people are allowed access to the personal data if and only when required? And can you audit who has permissions and when did they last access what?
If your systems cannot do any of this then you need a data analytic platform that can.
Organizations need to embrace their ownership of personal data from the top down and empower all their people to have a good level of understanding data. After all, when everyone is data literate, everyone can play their part in keeping the organization on the straight and narrow, and avoid being up the junction when it comes to regulatory compliance.
Check out www.qlik.com/gdpr to learn some of the ways Qlik can help you in your GDPR compliance journey.