dark mode light mode Search
Search

Here’s what Nigerian companies should know about EU’s General Data Protection Regulation

In this guest post,  John Edokpolor, Lead Commercial Attorney, Microsoft MEA Emerging Markets, writes on GDPR: Mere requirement or unique growth opportunity?

Businesses in Nigeria, both small and large corporates, should pay attention to the European Union’s General Data Protection Regulation (GDPR), given the 25 May 2018 compliance deadline. This is because failure to adhere to GDPR requirements could prevent trade and other business dealings with EU businesses after May 25 2018.

The new legislation is a milestone on a journey into a new era, where data is the fuel powering companies of all shapes and sizes, from all sectors.

As a quick refresher, GDPR is a new European law designed to protect the privacy of citizens, by setting new standards in terms of how personal data is handled. As the law affects any organization with ties to Europe, it is relevant to businesses around the world.

Why is GDPR being introduced at this point in time?

As companies increasingly embrace the cloud, they have an unprecedented ability to capture and store massive amounts of data. In parallel to this, advancements in business intelligence technology have given organizations the ability to pull insights from this data that are so rich they are actually predictive in nature. The result: businesses can stay a step ahead of customer expectations and needs, versus merely reacting to them.

This is a significant step forward and truly marks the beginning of a new era, one in which data becomes the electricity powering companies. An updated governance framework for data protection is a logical policy component of this new age. Building on these rules, innovation coupled with trust among businesses and citizens will unlock productivity, help companies keep their customers delighted and fuel a new generation of disruptors. Ultimately, all of this translates into growth.

But what if I told you that many businesses currently lack oversight of one of their greatest assets?

The value of data to modern organizations is undeniable. A recent McKinsey Global Institute study revealed that “data flows now exert a larger impact on GDP growth than the centuries-old trade in goods.” Media headlines refer to data as the “new oil” or the “new electricity” – although neither analogy quite captures its nature as an unlimited, ubiquitous commodity generated by businesses all over the world. Our own customers frequently emphasize that data is the lifeblood of their organizations. Data-driven services help optimize existing product offerings or open up entirely new opportunities, such as the use of predictive maintenance services which can anticipate failures in manufacturing.

In short, data is the most important asset in a modern company’s business portfolio – and it needs to be managed as such.

In this context, the General Data Protection Regulation (GDPR) is a logical policy development. At its heart, the GDPR is about guaranteeing the privacy and integrity of individuals’ data, in our evermore digital world.

With the deadline for compliance one six month away, many companies are thinking about what steps they should be taking to meet the new privacy and data protection requirements as efficiently and effectively as possible.

In my view, achieving this depends on how you address three things: people, processes, and preparedness. With that in mind, here are some guiding principles for to help you get ready for May 2018.

Manage your data like you manage your money.

Every business maintains strict processes for tracking revenue, costs, and all manner of financial flows. They don’t just do this because it’s required, but because it makes business sense. After all, you can’t map your company’s future if you don’t know your current state of financial affairs right down to the bottom line. Companies need to maintain the same birds-eye-view of their data assets, via a solid data governance strategy.

Developing this strategy demands that you answer several key questions: what, where, who, and why?

To begin with, an audit is a logical first step. Making a comprehensive inventory of the data in your company’s possession will show you exactly what kind of data you’re collecting and storing, where it sits, and why you have it in the first place. Tools to do this include the ISO 1944 standard for data categorization and data use. Getting your house in order in this manner creates a strong foundation from which you can ensure you are getting the greatest ROI from the data you have – just as an accurate overview of your financial assets enables you to make smart investment decisions.

Once you have established this baseline visibility, consider how you can maintain it over time. Migrating to the cloud is one way to do this, as it lets you bring together disparate data sets. However, before you choose a cloud provider, make sure they can answer some key questions. Who has access to your data, and on what terms? Where is your data stored? How will your cloud service provider respond to government requests for your data, or help you meet your compliance requirements? It’s vital to ensure your cloud provider is committed to offering full transparency over your data. After all, you wouldn’t hire an accountant who couldn’t tell you exactly where your investments are at any given moment!

Create a culture of data confidence.

Effective data governance demands a people-first approach.

Employees in all departments – from marketing to finance, sales to HR – handle data every day. But how many realize how valuable it really is, and how the right usage of data can help them be more productive and connect more effectively with customers? Fostering this understanding is vital for employees to feel personally invested in your company’s approach to data governance. Once this has been established, it will also be easier for employees to realize the importance of adequately protecting data, as they would any other high-value company asset.

Embedding this culture across your company takes time. However, placing your approach to data governance within the context of a broader digital transformation can streamline the process. In this way, employees are better prepared to explore new, sometimes experimental avenues for data utilization, to course-correct when necessary, and help others learn from their experiences. The GDPR was developed in part because in our digital era, people want more control over their privacy, in order to trust technology. Creating this confidence, both within your organization and with your customers, is key to making sure you’re making the most of data-driven, business-critical insights.

The May 2018 deadline for GDPR compliance is not a final destination. Rather, it’s just one stepping-stone in an ongoing journey towards realizing the full potential of digital transformation across economies and communities. Viewed in this light, establishing a firm approach to data governance represents one of the smartest investments a company can make.

Total
0
Shares