November 8, 2017
4 minute read
No matter how large or small your organisation is, performing a data audit should be high up on your to-do list. It’s only human nature to want to jump ahead to the last stage and acquire as many comms-consenting individuals as possible, but this can be detrimental to GDPR compliance.
Here at Quant, we are advocates of ‘think before you act’. Our very own Tom Hutchings, Data Protection Officer and Head of Insight and Analysis, and Genevieve Flintham, Senior Planner, contributed to a recent DMA webinar on the importance of auditing your data and how to go about it.
Make sure you check out the recording by following this link.
The purpose of a data audit is described by the Information Commissioners Office (ICO) as a means of determining where an organisation has implemented the processes and procedures to regulate the processing of personal data. In addition the audit should ensure that the mechanisms through which personal data is processed are carried out in accordance with such policy. When a company complies with its requirements it is essentially identifying and controlling the risks to preventing breaching the Data Protection Act (DPA).
A data audit can cover the following:
Data audits can help businesses ensure that they are compliant with GDPR in a number of ways. Firstly auditing their data a company can ensure that the records of their processing activities are kept to a high standard. It is imperative that these records written to the closest possible detail, specifically where personal data has been acquired from, what the data is being used for i.e. is it for direct marketing or fulfilling a customer service order.
Companies must keep a record of who the personal information is being shared with. Where previously this will have been sent off to the ICO as part of a company’s notification requirements, the GDPR has now replaced this and as such businesses must keep a record of these activities should the ICO request a copy. Profiling and auditing of data will allow a businesses to access specific historical records upon request even after they have been deleted from the database, ensuring the company is compliant without burdening the system with old, outdated records.
Personal Data Principles for GDPR compliance
The issue of compliance is directly linked to the issue of consent. Marketers who process personal data are frantically attempting to contact previous consumers to get them to re-consent to their marketing activities, in order to comply with GDPR regulation, failure to do so will result in large fines being charged to the company responsible.
Audits should be deployed in order to establish how and what date personal data was initially permissioned, whilst this may be lawfully used for the current time getting this data re permissioned prior to the May 2018 deadline must be considered a high priority for business owners. However it is important to note that as much as businesses will want to get in touch with as many previous clients as possible it is important that they ensure their own records are date, showing how when and where a client’s consent originally obtained. It is not enough to simply send out a simple ‘do you want to opt in?’ email to consumers in attempt to getting clients to re – consent. Business’s must ensure that they have everything in place most importantly their data audit and their data itself before they begin the re-permissioning process.
A data audit needs to be one of the first things done along the journey to GDPR compliance, a key to this, as was done at Quant is to map the data flows of your organisation, what data is stored where and why. A further layer to this is the question of how as a brand you should decide on how long you should keep hold of personal data for. Making a decision on this depends from a legal standpoint at least under GDPR regulation will require business owners to specify how long data will be held for.
The deadline for businesses to ensure that they are data compliant is rapidly approaching. As such there is a growing need for companies to recognise this and ensure that their databases are in check. Figures from the DMA show only 58% of UK businesses are prepared and ready for GDPR coming into force on the 25th May 2018. One of the biggest challenges which faces marketers will be keeping track of all data which has been processed by the company. It will therefore be imperative that companies make the data mapping process as broad as possible to ensure that all records of personal data are accounted for in preparation for May 2018 deadline.
If you want to find out exactly how Quant can help you to get GDPR ready, contact us today.