04 May Data Stewards the Ambassadors for GDPR
Data Stewards The Ambassadors for GDPR
Taking people with you can be the most difficult part of any compliance exercise.
It is one thing to write a set of Data Protection policies and procedures. It is another to get your staff to follow them. The key to effective GDPR compliance is making sure people understand what it means to them day to day in their own jobs. The detailed implementation of the GDPR requirements will vary across the business as there are different sets of personal data and team objectives for using that data. For example, marketing’s use of customer data is far more extensive than finance’s use, with a different legal basis, set of permissions and handling rules. Handling this variety is a challenge, so you ought to consider creating local ambassadors for GDPR in each team across your business.
The key to effective GDPR compliance is making sure people understand what it means to them day to day in their own job
This is not a new idea. They are called Business Data Stewards, a term used in the data governance world, but the role can be easily adopted by organisations implementing GDPR.
Large parts of GDPR are really describing a set of data governance rules for personal data
If you unpick the GDPR Regulation you’ll find that it really describes a set of data governance rules for personal data. Wikipedia’s definition of data governance includes “availability, usability, integrity and security” and “encompasses the people, processes, and information technology required to create a consistent and proper handling of an organisation’s data across the enterprise.” A successful implementation of GDPR means addressing precisely these issues.
So what can the world of data governance teach us about a successful implementation of the new data protection regulations? One of the core roles within a data governance framework are Data Stewards, specifically Business Data Stewards.
Business Data Stewards are generally individuals working in end user departments. They combine a knowledge of the business needs of their part of the organisation with knowledge of the data related policies and procedures. I like to think of them as the bridge between the policy makers (management and compliance) and the execution (end users). They can influence the people that input and use the data by adding specific business expertise, interpretation and definition to the data.
Whether your organisation already has Data Stewards or not, success in GDPR will come from ensuring that policy is championed at a local level.
At Datavault we have a track record in data governance. We provide training for Data Stewards. We can help your organisation to create your own GDPR compliance ambassadors.