So much of a quality and compliance role involves checking data. Since the GDPR deadline last May, even more checks have been added to the list of things to do each day. Many organisations are taking the view that the risk of a breach or non-compliance is unlikely to crystallise for them as they have the people in place checking data and servicing data subject rights. Or do they?
Since GDPR, the quality and compliance workload has increased significantly. There are now necessary checks for data retention, consent (for child data processing, profiling, automated decision making, marketing opt-in and more), right to rectification, erasure and so on. Not to mention servicing data subject access, data portability and freedom of information requests. Data subject access requests are seen by many as having become more complex since GDPR and I’ve heard stories of complex legal requests taking as long as 70 days of effort to service! The approach for many organisations has been to appoint someone into post to manage the emerging compliance burden. The view taken by many, business leaders and boards is that this will contain the problem and mitigate the risk. Perhaps they’re right. But consider this…
I heard of one organisation (let’s call them ‘A’) recently proudly claim that it takes them just 2 weeks to service a data subject access request. Continuing that they only get two a year so we’re ok as we have a Data Protection Officer (DPO) who can easily service them. Sounds sensible, no problem there. Or does it…
… I know of an organisation down the road from ‘A’ (let’s call them ‘B) that does the same thing as ‘A’. However, they have a problem, a big problem. A no-win no-fee solicitor is hounding their customers to get details of their case histories for a class action. They get two subject access requests a week and have a team of four people to service the demand. Their costs have risen four-fold in a matter of weeks with no end in sight. Whilst this is happening they have stopped their manual data checking and in so doing have increased the risk of a GDPR breach.
If you were the leader of organisation ‘A’ or ‘B’ what would you do? Stick or twist?
Leading management consultancy McKinsey, recently pointed at a potential way forwards, they published a paper summarising that:
“Companies will need to increase automation and streamline their organisation if they are not to be overwhelmed by the challenge of sustaining GDPR compliance over the long term.”
Clearview Infoboss is a new technology designed to help quality, compliance and assurance teams to achieve more with the limited resources at their disposal. It is cost effective, easy to use and fast to implement. Yielding almost immediate savings in time and costs associated with discovering and checking data. If you’d like to discover how, why not watch our video on “Automated data monitoring for quality and compliance purposes” or get in touch for a discussion on your digital data checking challenges and how we can help.