Following the GDPR: Embrace Best Practices That Would Benefit The Organization Regardless
The European Union’s General Data Protection Regulation (GDPR), set to come into force from 25 May 2018, has primarily been viewed in terms of the challenge it poses for data security. However, for those in control of customer data, its effects go much deeper. Ensuring data privacy means not only securing data, but also ensuring that it is stored appropriately; that customers have access to their data when required; that any data stored is accurate; and that, if requested, data will be removed or transferred. An organization that has focused on security to the exclusion of all other concerns could still find itself at risk of not meeting GDPR compliance if it hasn’t paid enough attention to the regulations’ data management demands.
This blog focusses on the value that the Golden Record might have for any organization looking for a reliable compliance solution.
At Quadient we strive for excellent customer experience based on reliable data.
One of the ways to make this happen is to provide our customers with a Golden Record for each of their contacts; a single, unique overview of the individual’s data, history with the organization, and all contextual information.
Ultimately, the true value of a Golden Record is its ability to present a single source for all information on the customer; in an easy-to-share format that may then be transferred to the customer or other organizations without issue. If the organization is confident there is no potentially sensitive data out of its control, and it has full control over all that data which it holds in the Golden Record, then it is able to focus on using data to improve or expand on the services it offers, instead of being concerned that it is at risk of non-compliance. Ultimately, following the GDPR means that organizations should embrace best practices that would benefit them regardless.
The benefits of a Golden Record go beyond simply offering a single repository for customer data. With a Golden Record in place, organizations are able to use specific tools to help ensure they are meeting their privacy obligations.
For instance, data controllers are able to set the sustainability of data sets; whether by a fixed expiry date, or linked to other systems. Automated Golden Record tools will then mark expired data as ready for removal: these data may then be reviewed by the data controller and removed manually or, if preferred, removed automatically. Either way, organizations will be certain that data is deleted when needed, rather than being kept a single second longer than necessary. Personal data can also be designed to either be removed completely, or removed from use by specific source systems: meaning it will be deleted for some services without affecting others. Essentially, consumers are able to request the right to be forgotten to whatever extent they desire, rather than having to take a blanket, all-or-nothing approach.
In addition, a Golden Record automatically generates documents summarising the data held by an organization which a data controller may then share with any customer that makes a valid request; either physically or over email. Putting the process under the remit of the data controller means they are able to ensure any requests are being made by the customer themselves, and so ensure that customers’ privacy is not being compromised. Similarly, data controllers may either keep control of editing Golden Records, ensuring that data is edited swiftly if a request for rectification is made, or alternatively offer self-service portals to allow individuals, once validated, to make corrections themselves.
These are just a few examples of the benefits a Golden Record will bring. To explore this topic further, and learn how a Golden Record might help your organization to be prepared for the GDPR, we invite you to download this free white paper: “How to meet the Gold Standard for data privacy”.
Additionally we offer a free copy of "Gartner Report: Top 19 GDPR FAQ’s Answered".