Beyond DPA

The DPA (Data Protection Act) includes a few principles that when extended to a broader scope of the data within any organization will bring additional benefits on how data is governed and enable better decision-making, reduce operational friction, protect the needs of data stakeholders, and reduce costs and increase effectiveness.

Two of these principles are especially dear to me, they can easily be implemented and give clear results even in areas outside the Data Protection Act scope.

These are the Purpose Limitation and Data Minimization principles, and they are closely related when approaching data in a business-driven perspective.

Data minimization is an essential principle of data protection, and it refers to organizations restricting the personal data they collect from individuals and processing only information that is necessary to accomplish business purposes.

Data minimization involves restricting not only the collection of data but also deleting data no longer useful and setting limits for data retention.

This principle is critical in the light of the increasing regulations, and the increasing data privacy and security concerns among customers.

This context is creating the need for organizations to collect only the necessary data to enable them to provide their products and services and being fully transparent about it to its customers.

Customer trust around data is becoming mission critical for most businesses, and they must design their products for transparency, trust, and responsible usage of data, so that customers can trust they’re only collecting the data that will help them improve products or services.

This new level of transparency will rebuild trust. And trust is being increasingly perceived as a key differentiator for customers when deciding on their relationships with organizations.

But it should be taken even further, it must be taken outside the boundaries of data protection and extend to all data within the organization. A central point in the organization’s data strategy.

In a time where increasing capabilities in big data, cloud computing, data processing and analytical tools are being disclosed daily, when organizations are trying to generate and store all possible data - whether they need them or not – making the case for data minimization may seem out of place.

To be able to maximize the return from their analytical investments, and avoiding data becoming a liability, organizations need to move to collect only the data they need.

This is where purpose limitation comes into play. Implementing data strategies closely aligned with the business objectives, collecting, and working on the data that is effectively necessary.

Data governance plays a critical role in this change in strategy, assuring that:

· All the data being collected and processed in the organization within a specific context, either operational, regulatory, etc.

· That it collected and analyzed with an end in mind, sustained by a business case and aligned with the business objectives.

Embracing data minimization and purpose limitation, allows a better transition to being data-driven, enhances the decision processes, reduces security risks, reduces costs on storage and on managing data, and increases the customer trust in the organization.