Last week, we spoke about Data Governance as an enabler for GDPR Compliance at the 2018 ITWeb GDPR Update.
Six months after GDPR was introduced many organisations are still not compliant, with data management implementation and automation listed as major concerns.
A McKinsey survey suggests that many companies put stop gap measures in place to meet May 2017 dead lines, and are now having to deal with the consequences of making those solutions permanent, scalable, and effective.
GDPR compliance helps with PoPIA compliance
In South Africa, companies must also comply with the Protection of Personal Information Act (PoPIA) which, fortunately, shares many requirements with GDPR.
This means that automated capabilities to deal with GDPR should be reusable (or easily adapted) to comply with PoPIA
What is the Collibra GDPR Accelerator?
Collibra’s GDPR Accelerator provides an extended data management capability that includes specific GDPR-related roles, responsibilities, workflows, reports and information.
The operating model is a data governance capability that automates key GDPR related tasks including key stakeholders via out of the box workflows. The asset model defines the data management artifacts and relationships that ,must be tracked in order to demonstrate GDPR compliance.
Why the Collibra GDPR Accelerator?
Each company is unique and has its own business model, data landscape and risk landscape.
GDPR compliance requires the flexibility to allow you, and your business, to adapt any framework to meet your needs, while ensuring governance.
Collibra is built around the principles of data governance, whilst the operating model is easily adapted an extended – making it a good fit to any environment.
Getting started is easy:
- Identify stakeholders and clarify their roles and responsibilities.
- Inventory how data moves across and beyond your organization.
- Assess what data and processes pose risk to the rights of the data subject.
- Put controls and safeguards in place to address those risks.
Data governance is data protection
To implement data protections that will drive real business value, you will need an end-to-end understanding of how data is captured, transformed, held, and destroyed. The Collibra enterprise data governance solution can help you put a framework in place to understand what data you have, where to find it, and who is accountable for it
Leverage the governance work you are already doing
At the end of the daya, GDPR (and PoPIA) are about data.
This does not mean that you should not get legal advice to ensure compliance – legal advice must drive your implementation efforts and define your success criteria.
However, the foundation of both acts is the need to take responsibility for ensuring that data is used in the interests of the data subject, and that data is used for its intended business purpose.
The Collibra Accelerator is about your company’s data, business processes and associated processing activities and systems.
The Accelerator builds on Collibra’s leadership in automating data governance – responsibility for managing behavior around data, setting and managing data policies, and harvesting and presenting metadata. The Accelerator extends Collibra’s standard metadata model to include GDPR specific assets such as a Process Register that can be quickly and easily linked to underlying systems, data sets, policies, stakeholders, and much more.
This means that GDPR compliance can reuse governance work you are already doing. Conversely, the work that you do for GDPR can be reused to achieve broader business goals – such as advanced customer analytics
Gain a better understanding of your data
The Accelerator supports you in the goal of documenting and understanding your personal data landscape – in the case of PoPIA all data related to customers, prospects, employees and suppliers.
It helps you to understand what the key business processes are that use customer data, where that data is stored, and how data moves between systems and geographies in order to support each process.
Over time, using the Accelerator will help you to build up a complete picture of personal data in your environment, along with a matrix of stakeholders that must be engaged to understand impact and to make decisions. This is, in my opinion, the true opportunity of GDPR compliance
The opportunity of GDPR
It is tempting to view GDPR and PoPIA as yet another compliance problem.
Very few companies have a the sound understanding of personal data that allows them to properly understand their customer, employee, or supplier.
For most companies, the task is daunting. With the right use of technology, such as Collibra, GDPR can be an opportunity to gain a tremendous advantage.
For more detaiil on how Collibra can help to achieve GDPR compliance read 12 steps to GDPR compliance