Soon, Kenyan organizations will have to follow strict data privacy laws.
The Data Protection Bill is months away from implementation, but companies are woefully unprepared.
The risk of being noncompliant can mean negative publicity, damage to companies’ reputations, and penalties. The new requirements include that data be protected adequately, and when breaches do occur organizations must have notification capabilities in place that align with the bill’s standards.
Especially when talking about telecommunications and financial services, data is the ultimate battleground. Already under increasing pressure to meet regulatory demands and manage their business challenges, constantly evolving regulatory requirements, rising costs environment, pressure on profit margins, economic pressures, the challenge of satisfying the ever-increasing demands of customers and increased competition, they will now face different data challenges.
The Data Protection Bill will soon govern how telecoms and banks collect, use, store and delete personally identifiable information in the wake of rising cyber-attacks and organizations are finally waking up to the reality that compliance is no longer up for negotiation.
For organizations that hold information for millions of customers on their systems keeping their personal information secure is already a challenge. Compliance with this new regulation is a massive task and there’s no silver bullet approach. It’s not surprising that not all organizations are ready.
The first challenge is understanding what needs to be done, avoiding being struck by paralysis and denial. To overcome this, those leading their organization’s efforts must start understanding the regulation and taking steps to ensure organizational compliance.
The approach should rest on three main vectors: Data Management, Security and Business processes.
- Data management: Data under the scope of the bill need to be properly governed, allowing it to be easily located and managed, driving the implementation of robust data management solutions.
- Security: Data loss and breaches prevention is imperative, allowing to identify where data is located and how it is being used.
- Process: Finally, to ensure data is handled properly within the organization, changes in the existing business processes or even new processes need to be implemented, involving staff training, internal audits, and review of internal procedures.
This article will focus on the data management vector and on how a strong data management framework will help the adaptation to these new requirements.
The first step is to create the right structure to conduct this process, assuring that executive management is responsible for ensuring that the organization meets its legal obligations to implement the requirements and the organization’s governance processes, including information security, legal, records management and audit.
The most important step to compliance is to understand the data the organization holds. Across the organization, different departments, different systems will hold personal information. Understanding what must be governed is the first step to governing it.
Master Data Management
When starting the process to comply with the data protection bill, it should be considered that addressing Master Data Management (MDM) and data protection is a sound strategy to save time and money. MDM involves identifying your customer data, determining who accesses that data and creating a governance program, although, an MDM implementation does not automatically make compliant with the data protection bill, it does include some of the necessary steps to ensure compliance.
Both projects address a set of common requirements, on about who using data and where that data is used and/or replicated. In fact, most of the MDM requirements are also requirements for the Data Protection Bill compliance. There is some additional work remaining, such as consent or anonymization, but they can easily be accommodated in an MDM initiative.
Data management is rarely seen as a competitive advantage, and although the use of MDM customer data is a common implementation, organizations have yet extended this practice to customer communication preferences and interaction histories, or their employee records and the process of complying with the Data Protection Bill is an excellent opportunity to do that.
Some of the specific requirements for the Data Protection Bill as the right of rectification and erasure or consent are, for organizations the size of the telecoms, banks or insurance companies, requests virtually impossible to process manually.
With highly siloed ecosystems formed of dozens or hundreds of different systems, identifying all the copies of the customer data in all its variants is a daunting task if the proper data management platform is not in place.
An MDM solution solves exactly these issues, guaranteeing that all the systems in the organization use the same customer information, the customer golden record, and identifying every single source or target for that data.
When it comes to the Data Protection Bill requirements previously referred, right of rectification and erasure or consent, these can be included in MDM, enabling the full automation of these processes.
Besides all the feature previously enounced, the existence of a single view of the customer data also constitutes an authoritative source of customer information, controlling the data silos, making it easier to accommodate ever changing business requirements, eliminating redundancy, increasing data quality.
On the verge of a new set of compliance requirements, and although every industry may have a different business vision, you need to look at that vision and understand if the focus for this transformation should only be the compliance to the Data Protection Bill, or if a more broaden opportunity should be considered.
You need to look at this solution, not only to solve compliance, but also as a true business differentiator, enabling a customer centric vision supporting the organization to deliver truly personalized and valued customer experiences.