Cantata GDPR Readiness Statement

Cantata has a wide variety of experience with GDPR across a range of our clients; we have been working with the issue since it first emerged as a legislative idea.

It presents both a challenge, of course, but also an opportunity to establish a clearer and closer connection with all of your customers. It is a chance to ‘reset’ and gain consent to a more active and involved relationship.

The Basics

Cantata is working to ensure that our systems and storage of our own data comply with the requirements of GDPR and are helping existing clients to ensure that the systems and data they have in place will meet the required standard. However, we see technology as only a small part of the challenge.

Do you need to change your organisation?

Cantata view the introduction of GDPR as an overall business issue requiring more thought and planning than system updates. Are your senior management team aware of the nature of the GDPR rules and the business wide implications?

Should you make a formal appointment of a Data Protection Officer – and how will you train them? Will they manage introducing Data Protection by Design and Data Protection Impact Assessments to your organisation? Do they have adequate provision and authority to deal with reporting and managing any data breach? Has your DPO reviewed your data privacy statements and prepared GDPA compliant versions? The more you can do now the less will need to be revisited when GDPR comes into force in May 2018.

Do you need a data audit?

Do you truly know what customer data you hold in your organisation? We’ve seen many challenges in this area where different areas or individual hold ‘their own’ records and don’t share the knowledge.

Once you know what data you hold, are you clear on the rationale for having it – the business purpose for which it is held? Are these purposes acceptable in terms of the customer consents you hold – and are those consents valid for the use you are making of the data? If data on children is included have you got appropriate consent from their parent or guardian and can you evidence that consent? Don’t get pushed into a doomsday scenario of believing you have to delete all previous consents and cannot make any use of personal data. There are clear actions to address these challenges but ignoring them is a limited and potentially very damaging approach.

Knowing all the data you hold has long been a problem for Data Access requests – but now you will have less time to process these requests and you are expected to make it easier for the consumer to raise the request. Are you planning to enhance this capability – and will you have to consolidate much of your data to a single platform to achieve this?

Cantata can help

Cantata will work with their clients to resolve these and many other business challenges arising from GDPR – along with the review of your business model to meet the Marketing challenge of producing the required revenue generation if current data is seen as non-compliant. At the same time as ensuring the basic systems support what you need of course.