Many of us have heard about the EU General Data Protection Regulation (GDPR) and understand there are various obligations and requirements to comply with. We are also aware that if we don’t adhere to the GDPR, big fines will be levied by the data protection authorities. However, not everyone is actively involved, as part of their day-to-day role, in working out how to bring all this together before the deadline is reached on 25th May 2018. Business carries on as usual, deadlines and KPIs need to be met…but increasingly the question is asked “are we GDPR compliant?” For those of us who are involved with answering this, it seems that some form of collaboration is inevitable. There are very few organisations who can manage all of this themselves.
To deliver GDPR successfully, clients (data protection authorities, data controllers and data processors) and suppliers with relevant expertise in policy, people, platform and process need to work together. We’ve created a GDPR collaboration model of overlapping service and solution expertise from suppliers on the one side in order to meet obligations and requirements from clients on the other.
This is what we are seeing with our partners and their clients. At Datastreams.io we have expertise in GDPR-ready, privacy-by-design software. In keeping with the “4 P” (Platform, Policy, People, Process) right-hand side of this model, we therefore deliver a technology “platform” for our partners. These partners are, in the main, data processors working on behalf of their clients, who in turn are data controllers. We empower data-driven collaboration by providing governed access to trusted data sources. Our Data Stream Manager (DSM) ensures instant, compliancy-first data logistics for our partners and their clients. With the DSM they get the right data, in the right place, in the right format, at the right time.
OK, so far so good, and in terms of data-driven logistics – this alongside our consent manager – is what we are predominantly brought in to deliver. However, we completely recognise that this by itself is not enough to do everything that is required under the GDPR. Other software platforms might be needed for other requirements and/or client use cases, for example tokenisation and pseudonymisation. To cover these, our DSM easily connects with experts in that domain, such as our partner Protegrity. We therefore openly work with other experts across this collaboration model to help our partners.
Taking this model further, it’s clear that if you want to achieve compliance across your organisation, you need to work collaboratively with experts in other areas as well. Do you have in-house people expertise in the form of a Data Protection Officer (DPO), or do you need to outsource one? Do you have consultants (in-house or external) who can deliver the technical and business-related process expertise for effective data management and governance? What about the legal advice you need to understand how GDPR applies to your organisation, your contracts, data processing agreements, policies and procedures etc.? Even the largest organisations aren’t always able to do all these things in-house, and naturally this applies to SMEs as well. As a practical step, take a look at this next model, then think about these four areas within your organisation and plot the people or teams or partners you need to work with for each one.
You will soon see that achieving what needs to be done in terms of GDPR at your organisation will require some degree of data-driven collaboration. This collaboration will need to be resourced, contractually agreed, then managed and operationalised so that all parties are clear on what they are doing to deliver what is required in a GDPR-compliant way. This collaboration needs to be robust enough to not fall foul of the data regulatory authorities and to satisfy the individual rights of each and every EU citizen whose data you might be collecting and/or processing. Don’t forget, this applies whether your organisation resides within the EU or outside of it, come May 25th 2018!
We are open to data-driven collaboration to help our partners and their clients meet their GDPR requirements and obligations…are you?