Organisations must trawl through their entire data infrastructure to create and maintain a constant, accurate map of their data. They need to pay particular attention when it comes to their third-party systems such as CRM, HR, infrastructures or platforms as-a-service or analytics that are based in the cloud.

This is especially important as they will then need to assess the GDPR readiness of their cloud provider as a data processor and make sure their contract includes a data processing agreement. Similarly, data controllers need to ensure that they can erase the data from their cloud providers when they stop using the cloud service.

As consumers will be able to request information on, or the deletion of, all the personal data a company holds about them, the data controller must ensure that they can meet this kind of requirement through their cloud provider. Consumers now hold more power over their data than before and as we’ve seen with the recent complaints against Oracle, Criteo and others , they are exercising it.

GDPR has enabled the consumers to be more data conscious – in the same way they are more environmentally conscious or health-conscious with their buying habits – and the raise of this new type of behaviour drives better data strategies implementations within organisations. Thus, data governance is becoming the new standard for building or reinforcing customer relationship.