Are you facing the risk of losing the investment you’ve made in your BI and Analytics Program? The first examples of companies choosing to shut down parts of their BI and analytics solutions have started to surface.
Yes, you read that right. Some companies are choosing to shut down part of their BI and analytics solutions – despite need and investment – to protect themselves against great risk of financial penalty for not being GDPR compliant.
They built BI and analytics solutions for a reason: to put their data to good use. They wanted to become data-driven to enable them to make better business decisions.
GDPR coming along
These large investments were big commitments in time, money, and resources; allowing companies to build Data Warehouses, BI front-end tools and all the nuts and bolts that went into the solutions. In some cases, this also included hundreds if not thousands of hours spent on contracting consulting companies to build, and, if needed, maintain the solutions -- at least for those organizations lacking in-house tech and data support.
Then GDPR came along raising a lot of questions, for instance:
- What data does your company hold?
- Where does your company store this data?
- What is the data used for?
- Who has access to the data?
Companies that are unable to answer questions posed by GDPR and that are not compliant as required, could face a fine up to 20.000.000 EUR or 4% of annual worldwide turnover, whichever is greater.
Get educated in the main elements of GDPR.
For some, “GDPR compliant” is a mouthful to tackle. With no idea how to approach the task at hand, the simple solution created by them has been to put the “less business critical” systems to a halt.
The results can affect systems and a company in the following manner:
- Self-service BI front-ends are made un-accessible with no alternative offer to the users on how to get their data, make their graphs or basically run their business
- Analytical projects are put on hold until further notice, as the explorative/ad-hoc approach and algorithms in-the-making might cause what is perceived as “major headaches” to try to document
- Reporting services with strict limitations in recipients
- New administrative business processes including emails that remind all colleagues not to forward emails with attachments of data, reports and spreadsheets
These are just a few examples, and more implications are likely to occur. So ask yourself, are YOU willing to shut down you BI? Stop your reporting? End your Analytics?
Stay optimistic -- there’s another way.
Stay optimistic – there’s another way
Your company can of course become GDPR compliant and meet requirements for the May 2018 deadline.
Let’s start with this: Which steps have you taken in order to make your BI and Analytics environment GDPR compliant? If you’ve taken no action to date or have and feel you are lagging behind, consider the following solution to tackle this problem.
One of the central questions about this entire topic is if companies should hire a Data Protection Officer (DPO) to help with GDPR. The short answer is this: yes, large or small, you might consider hiring one.
The DPO can be the central manager to oversee all of your data management processes across your entire company. This go-to person can help evaluate and determine which data stays and which data goes, and for the data that will continue to live on, where and how it should be organized and stored. In addition, the DPO can answer directly, on your behalf, to the EU; an indication to the governing body that you are in fact a serious organization, intent on becoming GDPR compliant.
So, find that person, who can be the corporate connector, the one who can link together all your different departments, various IT systems, and business processes all related to storing data. The DPO will likely take it a step further and work with you to establish contact points and processes for customers and external stakeholders who also want access to the part of their data which you are storing under GDPR guidelines.
While you might not be the first company to appoint a DPO, rest assured, you won’t be the last one to do so. And while it’s not absolutely necessarily to hire a DPO to become GDPR compliant, you do need to assign someone the task of assuring your company meets requirements. A DPO is simply one plausible solution that could help you achieve this objective.