How comfortable are you having a conversation that starts “the spreadsheet you emailed is going to cost us four million dollars”? Probably not very comfortable – but it’s where current data handling practices will lead us. Privacy laws are penalising loss of control of data – not actual harm to subjects of the data. This is why controlled handling needs to be an operational capability for any organisation handling personal data.
The CRM system is a great example of the problem – it generally holds the crown jewels of personal data and makes them easy to download. The standard response to “Joe needs a list of customers for x” is to cut a spreadsheet full of personal information, and email it.
Then what?
Every system the data touches after that makes a couple of uncontrolled copies – backups, replications, shares, edits. It’s like cancerous cells – a few here and there multiply to become a much larger problem. Under GDPR, it’s a 4%-of-revenue-sized problem when the data is emailed to the wrong person.
The key to removing the problem is providing the capability to handle data without downloading it. Simply put, your employees need to be able to run their business process end-to-end without downloading and emailing a spreadsheet. If they can’t, you’ve got a carcinogenic problem within your organisation.