Are you involved in implementing a GDPR/Data Privacy programme? A fair question to ask is: “Which of the many off-the-shelf GDPR software tools will help accelerate and support my implementation?”
To answer that, we must first align on what we mean by data privacy tools. Broadly speaking, we can split the offerings into three groupings:
Documentation, Risk and Monitoring tools:
- Monitoring and Risk management
- Assessments such as GDPR readiness assessments, DPIA assessments and Privacy Shield
- Documentation of items such as the Register, data breach and data subject requests
Data description, Incident and Request management tools:
- Data mapping,
- Data classification,
- Incident response management
- Request management
Data Discovery and Consent management
- Discovery, management and visualisation of personal data in actual physical systems, databases, integrations, cloud solutions and websites
- Management of consent and legal ground
- Intelligent data privacy analytics
Despite the existence of a number of well established data privacy software platforms for many years now, this last year has seen an explosion in the number of new companies (100+ and growing) supporting data privacy. Many of the big technology companies already provide updates to their existing tools to support privacy in one form or another. This is great news since choosing the right privacy platform helps accelerate the implementation of your privacy program while contributing to greater transparency and providing ongoing support and visibility post May 2018.
Which data privacy/GDPR software tools suit your current GDPR programme?
The simple answer is: “It depends”. It depends on the size of your organisation; it depends on which solutions you already have as part of your existing technology landscape; and it depends on your data, IT and data privacy and data protection strategy. Let’s examine these criteria so we can provide good guidelines to help you and your organisation make the correct choice.
These SMBs and SMEs (less than 150 people) which have lower volumes of personal data are often well-suited to managing their data privacy requirements with basic IT tools such as MS Office, Sharepoint or other collaboration and cloud tools. Here, typically, GDPR software tools can be an overkill. Of course the implementation team will still have some work to do, but it could be done using templates.
Medium and Large Enterprises
Here we usually see the need to utilise GDPR software tools and other technology to meet the ongoing data privacy and data protection requirements as outlined in GDPR, the ePrivacy directive as well as others still in the making. Many of our customers have actually been able to reduce both the cost and complexity by using such tools.
Why there is no one perfect GDPR software tool solution
As data privacy is a broad area, there is no silver bullet solution covering all the needs outlined above. Some organisations will most likely have assembled parts of the data privacy puzzle already. For example, incident/breach management may be part of their incident management suite, data mapping may be part of the Enterprise Architecture tooling or data discovery part of your metadata solutions.
Having ourselves evaluated several data privacy solutions, we know it is not an easy choice to make. Here are some pointers to help make the decision easier and to help provide a better fit to your Data Privacy programme and the selection of any required GDPR software tools.
- GDPR involves the whole organisation including Legal, Risk, Data Officer and IT. It would be good to have a multi-disciplinary team which has a vision beyond May 2018.
- Data Privacy and GDPR is part of the bigger Data and information management picture. It would be worth defining/refreshing your data strategy and data privacy strategy to determine the need for GDPR software tools based upon that.
- Data Privacy is not just about an assessment. Investigate the different components listed above such as Consent Management, Subject Access Request, etc., as required by your organisation.
- Based on your existing technology landscape, investigate if some of these components are already available.
- Cloud is not the enemy or out of the question regarding privacy or data protection. It can be an opportunity.
- Taking a risk based approach towards GDPR – also applies for tooling.
- Tooling needs to go hand in hand with governance (policy enforcement), behaviour and process changes.
- The implementation of tooling depends on both the data management maturity and privacy maturity of your organisation.
You should now be off to a good start
These initial steps aim to clarify your go-to-market approach for a Data Privacy solution. Some of the solutions will be stronger on content and others on the different functionalities required. Also, it is worth noting that many of the Data Privacy solutions can serve a larger scope and may be more suitable for a future-proof data privacy programme. Make sure to widen the description of your requirements based on a combination of GDPR requirements and the business value that the tool can bring.
This will not only help you obtain a budget and a positive Return On Investment for your tool, but also make your investment more sustainable.
Hope this helps with your Data Privacy programme and the selection of GDPR software tools! If you have any questions, feel free to contact us. We’re happy to help.