Pan out and think about how your business really works for a moment. It’s not operating in a silo. It’s connected to a vast network of partners and suppliers that work together to help you deliver the products and services you offer.
Payroll suppliers, company insurance suppliers, private health companies and even cleaning and maintenance services are just a few of the suppliers that most businesses have ongoing relationships with, and in the new era of GDPR it’s your job to know how all of these companies handle any personal data you entrust to them.
Managing the privacy weak spots in the supply chain will become one of the biggest challenges any business encounters under the GDPR. Companies need to know exactly what their supply chain looks like. They need to know what personal data suppliers store on their behalf, where that data is, and why it is needed. Most importantly, they need to know all of this in a dynamic business environment where change is routine.
Keeping on top of the personal data flowing across your supply chain is easier said than done. To be compliant, you must understand how your suppliers use the personal data you’ve entrusted to them.
This means creating a “what, where and why” data map that proves your suppliers only have access to information they need to do the job you’ve asked them to do.
In today’s dynamic business environment this quickly becomes challenging. Requirements change routinely, as do suppliers. The data map you produce today will be inadequate in a matter of weeks or even days as suppliers and the services you procure from them change.
GDPR has also introduced the idea of “data breach logs”. Every business is required to log data breaches whether the breach is suspected or real.
In the new privacy ecosystem, the relationships you form with suppliers need to be robust and transparent to ensure that any breach across the supply chain, suspected or real, is communicated to you quickly.
It’s the dynamic nature of the new privacy ecosystem that is powering the concept of personal data governance.
Personal data governance is not just about identifying personal data, but also about focusing on the underlying business processes that are being supported. Everything in the organisation, from a personal data perspective, revolves around the business processes.
This level of comprehension is only possible if you are able to discover, and document, all of your processes and the associated data flows - internal and external, as appropriate. This means not just within the enterprise, but throughout the supply chain too.
An effective solution must be capable of processing and analysing huge volumes of data and metadata, and be granular enough to switch dynamically between the atomic, or individual, data level and the various levels of summary above it. This allows comprehensive views of the organisation to be created for a wide range of stakeholders, and allows the sometimes complex interrelationships between the different systems, processes, jurisdictions, etc. to be mapped out, visualised, and interrogated.
What’s increasingly evident is that GDPR is more than compliance – it is a real opportunity to drive ROI, but only when managed correctly.