Data is a great entry point to digital transformation and underpins many of the choices you will make when embarking on a transformational project.
Robust data governance is becoming more pertinent than ever, with the ramifications of next year’s incoming EU regulations in the form of GDPR (General Data Protection Regulation), but more urgently in the reports today of a large data breach at Bupa.
The private healthcare specialist has reported that the names, dates of birth, nationalities, along with unspecified administrative details of over 100,000 of its international insurance customers had been inappropriately copied and deleted.
With the recent spate of high profile cyber attacks, what’s truly interesting here is the source of the breach - an internal employee.
Bupa revealed the employee has now been fired and it is currently fully co-operating with the Financial Conduct Authority and other UK regulators.
Affected customers are now being warned to be vigilant for signs of identity theft.
The UK’s Cyber Threat Risk
Cyber security is high profile, with reports of hacks and attacks on organisation’s systems and software occurring almost daily.
PwC’s 20th CEO Survey revealed recently that cybersecurity is the second biggest commercial concern for 76% of UK CEOs.
A further 97% of respondents reported they are currently taking action against cyber breaches affecting business information or critical systems, well above the global figure of 90%.
Fighting cyber crime takes heavy investment in technical solutions and constant vigilance, but the threat is even more difficult to counter from within your organisation.
The Number One Biggest Data Risk in Your Business and How to Counter It
Unfortunately, one of the biggest digital risks in your business is your employees. Whether through malicious activity or simple misunderstanding of data processing regulations, many organisations have potential a data crisis in the midst of their teams.
Dealing with either an accidental or deliberate breach, the response should be the same - the establishment of strong data governance.
Setting good data governance protocols not only mitigates the type of digital risk we are currently watching play out for Bupa, but offers unparalleled access to valuable, commercial information about your customers and your organisation.
The starting point is a thorough review of data entering and exiting your business. This type of work is highly individualised between businesses but some important questions to ask include:
- How does data flow through my business? How secure is each part of this process?
- Are my suppliers or third party vendors compliant with the latest data management requirements? You may find yourself liable for security breaches which occur along your supply chain.
- Where do we store this data and who has access to it? From customer details to employee records to data generated within your processes, you need people in place with the right accreditations who understand how to keep you up to date with legislation.
- How well do you understand your data? It’s not all negative - data presents enormous potential. Investing in data analysis could provide you with unexplored opportunities and give you vital evidence to support proposed work.
GDPR and the Future of Data
Understanding your data obligations isn’t a nice to have - it’s a vital compliance issue for your business. When the GDPR obligations become legally enforceable from May 2018, you will not only be liable for the processing and storing of data within your organisation, but also along your supply chain.
Breaches will become not only a reputational headache but a legal and financial threat to your business.
So far, the ramifications for Bupa in the long term are unclear but it does appear they are handling the crisis well through clear communication with their customers and the media.
Good data governance will protect your business, your reputation and your customer relationships, and could even provide insight to help you get closer to your customers and improve your products and services.