Why Excel Sheets Won’t Cut it for GDPR Compliance
Like it or not, the General Data Protection Regulation (GDPR) is happening—and in less than 100 days. With the countdown in full swing, many companies have elected to hire consultants to take on the task of complying by the deadline. In most cases, consultants will deliver spreadsheet files and flowchart visualizations to meet the regulation standards. Even though some supervisors have deemed this method sufficient for compliance purposes, it opens the door to a whole new set of challenges after the fact.
Before you dive into the world of GDPR compliance with a heap of Excel files, consider the following business challenges and the steps you can take to avoid them altogether.
Compliance is not a one-and-done project
Digital transformation has revolutionized the way we do business. Regardless of company size, industry, or consumer, we’re digitizing every element of our organizations to increase efficiency and keep up with the competition. With this movement comes a massive increase in the production and consumption of data. As data becomes a core part of everyday business, compliance is more than just a nice-to-have. The way in which you approach compliance can be a key differentiator for your business.
As the GDPR deadline comes into view, it’s important to remember that this isn’t just a one-off task. Maintaining your processes and data afterwards is going to require upkeep, and a lot of it, so building your strategy without scalability and reusability in mind is a huge mistake.
But that’s where data governance comes in; not yesterday’s governance that was primarily focused on policing and restriction, but the modern take on the concept that promotes collaboration and sharing by allowing users to find, understand, and trust their data in the context of appropriate data policies.
Instead of creating a desktop folder for those files and calling it a day, think about what data governance can help you do with this data beyond GDPR. Data governance can be the foundation for all of your regulatory needs by providing a framework for managing and defining enterprise-wide policies, business rules, and data assets to assure the necessary level of data protection and quality. It gives your data context, so you can get the answers you need to address complex issues like personal data breaches regarding GDPR compliance – and more. If you can find the data and understand it (i.e. where it’s being used, who is using the data, and why), you can report on it and have confidence that the items you’re providing regulators are trustworthy.
Governance can also prepare your business for additional data functions including:
- Future compliance (ePrivacy, PSD II, etc.)
Our data-driven world is demanding a certain level of protection for the data that we collect. Our users and customers are more aware than ever that the data collected via end-user tools like online subscriptions and services, devices (think: IoT), and other emerging channels will be shared and ultimately used. And honestly, they’re generally okay with that. Users do expect their data to be used securely, though, hence the flurry of other new data privacy regulations on our horizon. Upcoming laws like the Payment Services Directive (PSD II) and ePrivacy are going to continue putting pressure on businesses to frequently provide proof of compliance.
By relying on tactical solutions like spreadsheets, Word docs, and diagramming tools to meet data privacy regulations, you’re making it virtually impossible to maintain this information on an ongoing basis and reuse this work for future regulations. All of the resources you’ll have dedicated to this project will have to be replicated several times over in the near future to meet compliance standards of these new policies.
To effectively collaborate, teams typically maintain live documents. Using disconnected and unrelated static files and spreadsheets in silos makes updating and sharing this information challenging, and leaves a lot of room for human error.
In the case of spreadsheets, for example, the file needs to be updated in every instance where the element exists. Sharing data via spreadsheet files means that there will often be several versions of the same file, sometimes residing on several different machines. To make updates, all of these versions need to be revised with the same information or else they will be out of sync. This will degrade the level of accuracy of the data, and therefore the confidence and trust in that data will be lost.
Implementing a data governance solution allows you to build relationships between all the information that’s collected from different points of view. Rather than all of your departments and teams working in silos without any visibility into what the other is working on, you can make connections between all of your collected data and allow everyone in your organization access to it. This promotes an agile working environment and reduces the time spent resolving issues due to confusion or accountability.
When you make updates in one platform, they are automatically applied to all of the other locations where that data is referenced. These updates are also logged as they are made so all of your users are aware of what has been changed, who made the changes, and when they occurred. Traceability eliminates the need for multiple versions of the same files and increases the trust in your data.
The Collibra Platform
Data governance provides a foundation for your GDPR compliance efforts and will serve your business long after the deadline. We developed our solution by working with individuals with a deep understanding of these regulations who partner with data privacy professionals and legal experts to offer the features and capabilities that will make your compliance efforts more efficient and sustainable.
Our out-of-the-box solution provides a centralized inventory of personal data across the business and technical landscapes to allow you to find your personal data assets using full text or regular expression search. The Collibra Platform makes capturing and classifying your personal data easier and more effective as well; you can turn process and process activities into a process inventory and personal data elements into data dictionaries and data sets, while managing the roles and responsibilities surrounding each of these items. You can also track data sharing agreements, activities, and usage, and the principles and policies that govern them.
Privacy notices play an important role in compliance. Using our data governance solution allows you to capture such privacy notices and know when they were sent, to which categories of customers, and become aware of relevant consent information. You can track separate privacy notices for individual groups of data subjects and understand the required formulation for each subject category. Collaboration workflows can be used to include all of the relevant aspects of the business, which allow you to capture each step of the data processes.
There are many moving parts to GDPR compliance, so it can be a difficult task to manage. A proactive, organized strategy is the key to successfully completing and maintaining compliance, and it is worth investing every bit of time and effort to future-proof it as data privacy regulations evolve to become more complete and complex. Though you may have already started rigorously working on a GDPR compliance project, either internally or with consultants, just remember to make sure you have the right solution and framework in place to produce effective, sustainable results.
Ram Naresh Pratti is responsible for fast-tracking Collibra engagements and centralizing Data Governance thought leadership to influence product features. Previously, he was Director of Professional Services and responsible for all Collibra implementation activities. Before joining the Collibra team, he was a Principal Consultant & Enterprise Information Architect specialized in enterprise re-architecture initiatives. He has nearly two decades of information management expertise in the Financial, Insurance, Retail, Healthcare, Hi-tech, Oil and Gas industries.