With Europe’s GDPR rules on information privacy inbound, Mazars is busy advising clients on their priorities to meet the compliance deadline
Defining key data being held is the first challenge to get an organisation ready for Europe’s General Data Protection Regulation (GDPR).
Only then can systems be cleaned up and made compliant, according to Léopold Larios de Piña, head of group risk management at the audit, accounting and advisory firm Mazars.
“First define the key data – which is not so easy. We need to be sure that wordings and definitions of digital risk are clear and consistent. We work with the IT guys to build those common definitions. That’s the first step,” de Piña said.
“Then it’s a case of how we delete and clean the systems of used data,” he added.
While many might be seeking to fight the immediate fire presented by readying for GDPR, he thinks getting their data in order has much broader benefits to mitigate data leaks and cyber risks.
De Piña joined Mazars in September with a mandate “to advance risk culture” among clients.
“I have a task to improve the management and governance of digital risk. It’s easy to say, but more difficult to implement,” he said.
He suggested that firms in Germany were – on balance – slightly ahead of the pack in Europe.
“What is key is to have the ability to understand the business and to understand the processes in the company, not just copying and pasting procedures. A deep understanding of the business is so important,” de Piña said.
“There is a difference between complying with regulation and the exposure to risks faced in real life. I would prefer to work with companies taking advantage of the regulation to rethink how they manage their data and digital risk globally,” he added.