Next is establishing data governance policies. These could relate to implementing parameters around opt-in periods or archiving historical data, for example. Finally, organizations need to foster accountability. Appointing a DPO might be mandatory for most businesses, but the DPO alone cannot enforce the data protection rules across every system in the company that refers to PII. For example, the data trail for one customer might cover information held in the sales department, as well as data in marketing, finance, legal, maintenance, and even mobile or Internet of Things systems. Within each of these systems, the person responsible for managing that data is likely to be different. Collaborative data stewardship, empowered by self-service apps, will be critical in successfully supporting this self-service approach and in fostering accountability across all stakeholders.
Finally, there is a need for businesses not just to protect their data but also to open it, using data integration and data services technologies. That’s particularly important because, under the terms of GDPR, data subjects have the right to ask an organization to provide the relevant data it holds about them. They can also invoke the ‘right to be forgotten’, ask for corrections to be made if data is inaccurate, and ask for relevant data to be delivered to them in a machine-readable format.