TechRepublic’s Dan Patterson sat down with BDO USA’s head of data and information governance Karen Schuler to discuss the GDPR, which goes into effect on May 25, 2018.

Watch the video, or read the full transcript of their conversation below:

Patterson: Karen, according to your new report at BDO, the GDPR, though many fear its implementation, could actually spark what you call a lean data revolution. Let’s define terms. What does lean data mean?

Schuler: Well, Dan it really means … And thanks again for having me on today. I really appreciate the opportunity. Lean data really is collecting only what you need, and using only what you need, and not keeping it forever, and really pairing down to make your business run more efficiently. Not only do we see this as an opportunity of complying with the regulation, but we really see it as an opportunity to make your business more effective and efficient.

Patterson: Many companies fear that GDPR may tamp down innovation. You, on the other hand, have this great take that it will, in fact, spark new innovation. Why is that?

Schuler: Yeah, it’s been … One of those things, at first everybody was thinking about as we have to do this, it’s the law in the EU, and now today people are saying, “Wait a minute. We can actually get our house in order. We can actually make things run more efficiently.” Most of the companies out there in the world are knowledge workers, and full of knowledge workers. A lot of your audience are complying and contending with GDPR right now.

In our mind, is, take all of those initiatives that you once wanted to do, that you didn’t have budget to do, but now need to do because of GDPR, and really help yourself promote that throughout the organization to have more of that data minimization, lean data culture, and operationalize these programs to make sure that they’re really a competitive advantage at this point, not just something you have to do for regulation.

SEE: Getting ready for the GDPR: An IT leader’s guide (Tech Pro Research)

Patterson: I love that idea, that this is a great time. Even though you have to do it, it’s a great time to get your data house in order. Data can spin out of control. How could the GDPR, and in large part, digital transformation, help control data costs?

Schuler: Yeah, it used to be, we looked at data storage as being overwhelming costs for a company. I’m sure you’re quite familiar with that. Today, it’s not really the data storage. It’s more about the people using the data, and ensuring that they actually know where it is, how they can find it, how hard or easy is it to find it, and how efficient are they.

By really promoting this whole lean data culture, it gives us the ability to really take an organization, big or small, and turn around and say, “Hey, we’re going to operationalize this, and we’re going to be more efficient in the future.” So, I think ultimately our goal is to say, “Hey guys, it’s not just reducing the data storage costs, but it’s making people more efficient, more effective, at their jobs.”

Patterson: One of those is in dormant data. According to your report, this is a really surprising number, 15% to 25% of revenue loss can come from just bad data, dormant data, data you’re not using or doesn’t have a purpose. How can companies cut down on this older data without losing some of the benefits?

Schuler: There’re tons of different methodologies you can use to do that. At the end of the day, the minute you start thinking about dormant data, stuff you’ve been sitting there, and it is astounding to look within an organization and to see how much information just sits there for years. In doing this, it’s not a one size fits all, first of all. It’s go out and look for it, figure out what’s the outdated stuff, what hasn’t been touched in seven or five years, and really start to pair down on that and say, “All right, this is our cut-off. This information isn’t being used.”

It not only … The data leakage issues with either rogue employees, or data breaches, you can also reduce your e-discovery costs. There’s a lot of benefits to doing this. I’m not sure if that totally answered your question or not, but if not, you can take another stab at it.

SEE: Hiring kit: GDPR data protection compliance officer (Tech Pro Research)

Patterson: Karen Schuler, BDO. This is a ton of really interesting information from the report. When we look at a post-GDPR world, for years we’ve been in preparation mode, and now we’re kind of in execution/implementation mode. What should companies, no matter the size, whether they’re SMBs or enterprise companies, do to not just make sure that they remain compliant, but that they are managing data in a way that is not overhead and instead adds to business value?

Schuler: Yeah, so a lot of parts to that question. One, unfortunately, a lot of companies are still preparing. There have been some changes in the regulations so that it flip flopped a little bit, so everybody is still trying to get their arms around what does compliance really mean. Then, depending upon the countries you market in, sell in, or operate in, it really could vary in terms of what your level of compliance has to be.

In doing all of that, it’s one of those where the companies really need to think about, “Okay, we’re going to test our security settings,” obviously, or, “All of our controls. We’re going to make sure that our incident response plan is up to date.” That’s something that should be revisited more regularly than they’ve done in the past.

They’re also going to look at records management. We have tons of clients right now that are looking at, “What is our records retention schedule in addition to having this lean data, or GDPR?” They’re combining the two and saying, “Okay, we’re going to do global roll outs,” or, “We’re going to roll it out to all of our different offices.”

In doing that, they’re really taking a step back and saying, “Okay, we can really operationalize this whole thing across the playing field, and reduce the data that is leaked by, again, rogue employees or data hacks, or data breaches, and make sure that we’re really focused on how do we go about doing this in a systematic manner.”

Also see:

  • EU General Data Protection Regulation (GDPR): A cheat sheet (TechRepublic)
  • Strategies for improving data security for IoT devices (TechRepublic)
  • How to request your personal data under GDPR (TechRepublic)
  • Ransomware, cyber-extortion and GDPR: Three security headaches ahead for charities (ZDNet)
  • GDPR Compliance: For many companies, it might be time to panic (ZDNet)
  • Facebook moving 1.5 billion users away from GDPR protection (ZDNet)