So, you have a plan for getting control of your organisation’s data. You may be motivated by regulations like GDPR and want to make sure your reputation is not at stake because you didn’t protect your customers’ sensitive data.
Whatever the motivation, it is a worthy undertaking. Data is power, data has value. Insiders and outsiders want to access it to monetise it on the black market. Or they simply want to have a laugh at your expense by leaking it.
But how do you implement this plan? How do you figure out where all your data is coming from, how it is processed in your organisation, and then who makes use of your data? Then, even if you get a handle on all this, who is going to monitor it — and how?
This is the banality of implementation. And the title is purposely chosen, as there is an element of evil in this supposedly straightforward process.
Ideas are good; strategies seem plausible… but there is a mundane reality of effecting this change where so much is left to die. Ideas get worn out, people lose interest, and checks and balances are ignored.
Implementation is boring. It means fastidiously adhering to standards and crossing the t’s and dotting the i’s. Not many people are going to thank you for being tasked with ensuring your organisation complies with all its obligations under the various data protection regulations.
And then you get hacked. Then you are in a lawsuit. Then your customers lose trust. Hopefully you had processes in place to know how to respond.
There is banality (and, by abusing its original usage, evil) in implementing important change, because it is this boring adherence to regulations that helps prevent the drama of leaked data and prepares individuals and organisations for it.
The challenge is to create a work culture that constantly reinforces the necessity of sticking to procedures and staying engaged enough to find ways to improve processes. If you and your organisation are not engaged with these regulations then you are open to risks that will cost you time, money, and customers.
We may get to a point where privacy and data protection don’t need to be actively controlled, but I suspect this is still some time off. So start thinking about how to make this banal implementation exciting (or at least automatic, so people don’t have to think about how boring it is!).