Are you controlling the data or is it controlling you?

Most organisations will be able to relate to being overburdened with data, unsure where it is or even what it’s doing. Archiving is the norm because out of sight is out of mind.

Functions and architecture are driven by the need to accommodate data and often ringfence data in order to protect it, while functions continue to collect data irrespective of the use and value it drives within the business. GDPR will look to resolve all of that.

One of the key concepts within the GDPR is the ‘controller’. Each time an organisation processes data, whether personal or not, they are in effect a controller or a processor.

The first question to ask yourself as an organisation is whether you are acting as the entity that determines the purposes for which and how that data is held or processed – if so you’re the controller.

Being the controller is most certainly not something to fear – in fact it’s something to embrace. It gives you the opportunity to drive value from that data, so long as that value is derived through the right means and methods. Along with the collection and use of personal data, it is essential that you understand your role as a guardian of data and the management requirements placed on you as a controller. Key changes see the legislation champion a much more active role for the controller of the data, including high-level responsibilities such as:

  • Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure personal data are accurate. Have you got the right controls and workflow in place to maintain your current data, and how have you changed the way you bring data into the organisation?
  • Minimise data where possible. How can you change user behaviour from “keeping it because we might use it in the future” to “if it’s not being used and there is no agreed future use, it does not need to exist within the business”?
  • Data pseudonymisation should be driving the way you store and use data.
  • You must perform Privacy Impact Assessments to analyse and minimise the risk to your data subjects prior to the commencement of new processing activities, and for existing activities it is critical that you carry out ongoing and regular assessment of those activities.
  • Data Breach Notifications mean that you will have to be prepared and ready to alert regulatory authorities within 72 hours of discovering a breach, and will have to do everything in your power to make the data subjects affected aware of the impact and/or risk to them of the breach.
  • Whilst SARs (Subject Access Requests) have been an existing feature of the Data Protection Act, the GDPR is likely to see an increase in SARs, and controllers must action these requests without undue delay and in any event respond within one month of receipt of the request.
  • Consent-driven processing means that you can only process data for the express intention that was agreed upon by the data subject and any processing beyond that remit is unlawful without clear consent.
  • Withdrawal of consent will require that you stop any processing in its tracks wherever it is in the business – and consent must remain as easy to withdraw as it is to provide, meaning that if you can consent with a tick box you must be able to withdraw using a tick box.

Once you understand the implications of the legislative mandates above, you’re ready to start using your data in line with the GDPR. Accurate, up-to-date data is of higher quality and can improve the accuracy of business insights, be it HR, marketing, operations or other. Effective data minimisation can also provide major cost savings to the IT organisation: removing stale data frees up space and reduces the business’s storage expenditure. Understanding exactly which areas of your business are personal data heavy will allow you to better architect now and in the future and better protect the areas that need it most, improving the effectiveness of investments in security spending in the long run.

Xonetic has the relevant experience and expertise to mature data controlling within your organisation to compliance with the GDPR. We help you answer the key questions that the General Data Protection Regulation will ask of your organisation as a data controller, delivering compliance and business assurance.

GDPR will require a change in the way that your organisation thinks. Appropriate technical and organisational measures that are demonstrable will need to be implemented, along with appropriate data protection policies, and Xonetic can effectively deliver the organisational change you need to effectively control your data.

People management when controlling and processing data becomes critical within the new regulation. Alongside an education piece, it is imperative that you understand the need for responsibility and accountability within the organisation, where roles and responsibilities are clearly outlined and executed to maintain the integrity of the organisation and protect the freedoms and rights of data subjects.

So what are the requirements that you should start thinking about as a controller of data?

  • You must be compliant with the GDPR by 25th of May 2018.
  • You must ensure that GDPR compliance is driven at a board level.
  • Understand the proliferation of personal data throughout your organisation.
  • Understand the crown jewels in terms of personal data – what is likely to have the largest impact if breached, what is your level of data protection maturity in that area, and what is the gap between current and required compliance.
  • Coordinate the education of your workforce; GDPR is as much cultural as it is technical.
  • Remove barriers to prevent shadow activities; move away from “you can’t do that” to “you can do that, if…”

 
