Most of us think that making fundamental changes in how we handle data results in more complexity or imposes new or unknown risks, but that is not always the case.
Here is a simple use case on employee data management based on the NewBanking Identity product.
A large corporation deals with employee data in a very simple and “local” manner. They use different systems for different purposes, accounting system for salary, system for recruitment, HR systems for ongoing management and so on. In this case the corporation is using around 100 different systems globally. It is up to the local branches or divisions to make sure that the correct procedures are followed. On paper and when going through the documentation it looked fine and very GDPR compliant but in “real life” it is a mess – there are simply too many things that can go wrong. Just the fact that HR people have a tendency to share data among them through emails creates potential data breach situations – with the risk of getting the ever-increasing GDPR fines.
All employee data was handled with this mindset: We (the company) own and store all the data we are obligated to.
Over time, more and more different controls have been implemented, both in terms of mitigating risk but also to keep the company compliant with ever-changing regulations. Anyone familiar with IT development, recognizes the risk of building legacy within the IT infrastructure – not a cost-effective road.
What if this could be fixed with a simple change of mindset?
We (the company) can access all the data we are obligated and entitled to but the employees owns the data.
By applying this mindset, we actually remove the risk related to the storage of data, and can focus on what data is needed and why we need it. This does not mean that we don’t use employee data in other systems, but it forces us to be transparent on why we use data.
Pursuing the concept of transparency and true ownership of data will reduce the complexity of data management – hence reducing risk and cost.
At the end of the day, it’s not about how much data you have, it’s all about what data you are entitled to use. Take that punch Google, Facebook, Amazon, Apple…
NewBanking Identity: Your legal identity.