To identify the discrepancy between what legislation requires of the organisation and what the current situation is, we carry out a Privacy Impact Assessment (PIA). As part of this, we look not only at the legal aspects, but also at data governance, i.e. all the rules and procedures set down to safeguard the quality and legally correct usage of data.
This results in establishing the extent to which the organisation is compliant with the formal legislation, such as the General Data Protection Regulation which must be implemented in the organisation by May 2018.
The legislation provides great scope to use personal data provided that a number of prerequisites are fulfilled. It is important to ascertain how the organisation wants to deal with the issue of privacy and what that will involve for customer relationships and processes. Many data initiatives are unjustly snuffed out before coming to fruition because of alleged privacy issues.