In recent years, data has become one of the most important assets that a company holds. As a result, it plays a key role in the digital economy. You can even think of it as the currency of the future. The progress of technology is continuously making it easier for companies to acquire, store, process, and exchange data. In these circumstances, the EU adopted the GDPR. Its aim is to unify the laws regarding data protection across the EU member states. It will also improve the level of privacy of EU citizens. It is the “most important change in data privacy regulation in 20 years”, as noted on the EU GDPR website. You will have to make considerable efforts to adjust your current way of handling data, and a particular focus will be on data cleansing and de-duplication.
There are fewer than 90 days until the GDPR comes into force, so it is important to stress that significant changes are coming. These changes will impact how you store and process your customers’ data. If a company fails on one of these aspects, it could lead to fines of up to EUR 20M or 4% of the previous year’s turnover, whichever is the greater. Beyond these administrative fines, GDPR allows for the right of data subjects to claim compensation, should they suffer from security breaches.
There are several steps you should take to comply with GDPR and avoid such fines.
Let’s have a look at the most important ones.
- Data Cleansing and De-duplication
One of the core tenets of GDPR is data minimisation. Data processing activities have to use only as much data as is required to get a task done. Data minimisation is referred to in five separate chapters. Therefore, it is impossible to comply with the new regulations without applying the concept.
Having a database that is free of duplicates, up to date and accurate is consequently becoming essential. Starting on the 25th of May, you will have to make a continuous effort to remove unnecessary and redundant information, using data cleansing and de-duplication.
Besides this, Data Breach and Subject Access Requests notifications will require you to make contact with your data subjects in a reduced timescale (30 calendar days vs the current 40 days).
We think now is the best moment to start your data cleansing and de-duplication exercise. You should also consider updating your records to maintain a single view of each customer, and make sure that your employees’ records are updated and secure.
- Raise awareness
It is key to make sure that the most important stakeholders inside your company are aware of the changes. To comply with GDPR you will have to make significant adjustments in how you operate. These adjustments are time-consuming and also require significant resources. We think it is better to prepare in advance and have everything set up before the 25th of May.
- Document the data you own
GDPR makes it mandatory to maintain records of your data processing activities. For personal data, you will have to document its source and the third parties with which you share it.
- Update Policies and Procedures
The changes that GDPR brings will have to be echoed in your policies and procedures, the most important ones being Data Protection, IT Security, and Data Retention. You have to make sure that all the needed updates are in place before the end of May.
GDPR requires a review of the security measures currently in place. For example, we noted that health information is classified as a special category under the new law. This means that you should carefully consider who really needs to have access to it.
To comply with the new regulation, many people in your company will have to understand the rules and adhere to them. In this respect, we recommend that you organize dedicated training for your staff, so that each employee masters their obligations.
- Appoint a DPO
If you are a public authority or:
- Undertake processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale, or
- Your core activities consist of processing on a large scale of special categories of data (health, religion, and the like) and personal data related to criminal convictions and offences
it will be mandatory to appoint a Data Protection Officer. However, taking into consideration the broad scope of GDPR and its complexity, we advise you to appoint somebody to take responsibility for GDPR compliance even if you don’t fall into one of the above categories.
To comply with the new law, a company has to engage in a laborious and complex process. With fewer than 90 days left, we understand if you are anxious about it. But you should not worry, because there are tools available that can significantly help you save time and money. As we have seen in this article, two of the key aspects of GDPR compliance are data cleansing and de-duplication.
WinPure, with its award-winning data cleansing and de-duplication mechanisms, will help you comply with GDPR requirements by making sure that your mailing lists, databases, spreadsheets, CRMs and other lists are clean, correct and do not contain any duplicate records. Here you can find out more about WinPure and our GDPR solution.