Guardians of the Data Privacy Galaxy

October 9th, 2018

When we give our personal data over to any organisation we want to know it's in safe hands. So how can organisations become better guardians of the personal data they hold, in what seems like a galaxy of data privacy rules and regulations?

Here are the 5 ways to become a better data custodian under GDPR:

1. Build a Data Culture

Do you truly understand the personal data that sits within your organisation? It is paramount that all staff, from board level to juniors, understand the implications it has on them. This is where a strong culture of data education and data literacy needs to be driven along with a mentality that GDPR compliance is just the start of the journey and not a finish point for all businesses.

2. Understand the Importance of Data Governance

With roughly 25% of data breaches coming from inside an organisation, it is more important than ever before that businesses ensure only authorised personnel have access to the mission critical data needed for their role. This isn’t something that is achieved over night, it requires education, a strong and flexible data governance policy and it helps if you have an agile data analytics platform that can report and even enforce it.

3. Ensure Consent is Effectively Managed

I am sure your inbox, like mine, has been flooded with emails from organisations asking your permission to continue receiving their emails. I really hope those organisations have clear visibility across all their marketing systems as any misalignment could be deemed as non-compliance. Keeping a strong audit trail of when and how consent was captured as well as tracking Opt-in/Opt-out will help keep organisations on course and avoid any complaints.

4. Audit Data Retention Policies

Do not keep any personal data longer than is necessary. Business leaders must ensure their organisation’s data retention polices are up-to-date and well understood. Be organised and continually enforce good auditing practices of files and records across all systems so you know what needs to be deleted and when.

5. Responding to Data Privacy Requests

GDPR gives individuals greater rights over their personal data and are encouraged to exercise their rights. With 40% of consumers expected to make requests on exactly this, business leaders must have an action plan in place to ensure they are ready to respond and share all details within the time frame outlined. Locating such potentially vast amounts of data could take a lot of time and resources. Why not consider self-service portals that empower individuals to gain access to their own personal data and build trust.


For more information, visit: