By Emma Okonji
Microsoft, a leading software giant has advised businesses in Nigeria, including small and large corporates that are aiming to expand beyond the shores of the country to achieve global best practice in business, to immediately key into the European Unionâ€™s General Data Protection Regulation (GDPR) law. The law seeks to protect personal identifiable data across organisations.
Highlighting the importance of the GDPR law on global businesses, which takes effect May 25, 2018 within European Union (EU) countries, the Lead Commercial Attorney, Microsoft MEA Emerging Markets, John Edokpolor, said the GDPR is a new European law designed to protect the privacy of citizens, by setting new standards in terms of how personal data is handled.
He however said failure to adhere to GDPR requirements could prevent trade and other business dealings with EU businesses after May 25, 2018.
He said although the GDPR law is an EU law, it is relevant to businesses around the world, especially businesses that have trade ties with Europe.
“The new legislation is a milestone on a journey into a new era, where data is the fuel powering companies of all shapes and sizes, from all sectors,” Edokpolor said.
Explaining the reason for the introduction of GDPR law, over the weekend in Lagos, Edokpolor said: “Companies are increasingly embracing the cloud, with unprecedented ability to capture and store massive amounts of data, which calls for an updated governance framework for data protection policy in this new age.”
He further added that building on these rules, innovation coupled with trust among businesses and citizens will unlock productivity, help companies keep their customers delighted and fuel a new generation of Disruptors, which ultimately translates into growth.
Citing a recent McKinsey Global Institute study, which revealed that â€œdata flows now exert a larger impact on Gross Domestic Product (GDP) growth than the centuries-old trade in goods,â€
Edokpolor said the GDPR law would protect the privacy of citizens and protect their data stored in the cloud.
With less than two months to the deadline for compliance with the GDPR law, many companies are worried about what steps they should be taking to meet the new privacy and data protection requirements as efficiently and effectively as possible.
However, in order to be compliant with the new EU law on data protection, Edokpolor said achieving compliance, businesses must address three things: people, processes, and preparedness. In order to address the three key components, Edokpolor said organisations must manage their data like they manage their money.
According to him, every business maintains strict processes for tracking revenue, costs, and all manner of financial flows. They donâ€™t just do this because itâ€™s required, but because it makes business sense. Companies need to maintain the same birds-eye-view of their data assets, via a solid data governance strategy.
Another way of achieving compliance, according to Edokpolor, is that organisations must create a culture of data confidence, since effective data governance demands a people-first approach. He said employees must be made to know the real value of data and as such do all they could to protect it.
“Once this has been established, it will be easier for employees to realise the importance of adequately protecting data, as they would any other high-value company asset,” he said, adding that placing the approach to data governance within the context of a broader digital transformation can streamline the process.
Edokpolor however said that the May 2018 deadline for GDPR compliance is not a final destination, but a stepping-stone in an ongoing journey towards realising the full potential of digital transformation across economies and communities.