You’ve probably heard the phrase, “Our people are our greatest asset”. You may have even used it, or other variations of the same phrase. But is it true?
I don’t believe it is and in this post I am going to describe what I think the greatest asset of your business is.
The people that run and operate any business are certainly an asset, but no more so than any other asset that you need to keep your business operating profitably. Good people can certainly be hard to replace, but just like many other business assets (offices, machinery, computers etc.) they can be replaced. No-one is indispensable, particularly if you have the right contingency plans in place. Even the CEO and top team can be replaced – let’s face it, we do see this happening from time to time if the shareholders are not happy with their performance.
So, if it is not our people or the other traditional fixed assets of a business that I think are its greatest asset, then what is.
In the digital age, data is a businesses greatest asset. Back in 2006, Clive Humby, UK Mathemetician and architect of Tesco’s Clubcard, is quoted as saying: “Data is the new oil. It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals, etc to create a valuable entity that drives profitable activity; so must data be broken down, analysed for it to have value.”
Back in 2006 there weren’t that many businesses that had the resources like Tesco did, to collect and mine the information held in their data and transform it into value. However now with the proliferation of mobile, the ‘Internet of Things’ (IoT), the power of computing and ‘Big Data’ there is a vast amount of data being collected, stored and transformed into a valuable business asset every minute of the day. The Data Never Sleeps infographic below from Domo shows how much digital data we consume every minute of the day. All these transactions generate data about our habits, social preferences and buying choices.
Big Data is big business and creates a very valuable asset that any businesses needs to protect. You look after your other assets, whether this is property, machinery, computers etc, so you need to look after your data too.
With the advent of the GDPR* we now have tougher legislation to enforce businesses to protect the data they hold on individuals. However, it makes good business sense to look after your data, not just because you will face serious fines if you suffer a breach, but because looking after your data gives you the opportunity to transform it into an essential piece of intellectual property.
But here’s the rub. Since computing resource got cheaper and storing digital information is no longer a problem most organisations have a culture of hoarding data whether it is useful to them or not. We do this at home too. What happens when our hard drive is no longer big enough to hold the music collection? We just buy another disk or flash drive, or for a few pounds/dollars we rent some online storage. Most organisations have gigabytes of data with much of it not being used to drive value for the business.
So, what happens when your assets start to work against you? They become liabilities. The greatest asset in your business could also become your greatest liability unless you manage it probably. The more data you have the greater likelihood that there will be a data breach. Particularly all that legacy data that has been moved on to legacy hardware and may not be patched correctly.
Protecting your data
What measures do we need to take to protect this most precious of business assets?
- Identify the data you hold. Produce a data map defining what data you hold, paying particular attention to any ‘personal data’ as defined by the GDPR. Note this can now include IP addresses and pseudonimised data.
- Identify where your data is. Next you need to define where your data is stored. Don’t forget to include data held in databases and legacy systems that you may be keeping for historic or reference purposes. Your data map should also include details of paper records held in archives.
- Categorise your data. This includes identifying any data records that may contain ‘sensitive’ data including data you hold on minors. It is important that you record that you have the explicit consent of the individual to hold their data and you record the purpose for which you hold the data. Again this is much more relevant under the GDPR than it was under previous data protection regimes.
- Add retention information. This is the tough part because it will require a cultural change in many organisations where you critically look at why you are holding data. Law firms, particularly in the UK, have been very good at collecting data but don’t have a culture of deleting it when a case closes or a client moves. As well as GDPR you need to be aware of other statutory requirements for keeping data.
- Destroy the data you no longer need. The less irrelevant data you have the more time you can spend looking after the really valuable data.
- Secure your data according to who needs access and the sensitivity / classification of the data.
- Put in place a regime to ensure all data repositories are kept maintained to reduce the risk of a data breach.
- Maintain an active risk management process around your data, which includes paying attention to the culture in your organisation for managing information security.
How you actually go about achieving the above will depend on the size of your organisation and how much data you hold. There are various tools on the market that will help you with data mapping and categorisation, but a simple method using a large sheet of paper or spreadsheet may be just as effective for small businesses.
Data Management Tools
What is more important is that you have the right tools for ongoing management of your data and the risks associated with it. I can recommend several document management systems that all have functionality for ‘records management’ (this includes the ability to attach retention times to documents and have the system automatically identify documents for destruction). I can also recommend tools for assessing GDPR risks and their ongoing management.
Whatever size your organisation is do make sure you treat the data you hold about your business and customers as your most valuable asset.
An important factor that I haven’t mentioned in this article is the cyber security aspects of looking after your data. I have discussed this in previous articles and recommend my partner BLOCKPHISH when it comes to assessing your risk and putting in place the right culture to minimise data breaches.
For more information please contact me using this form or email. You can also book a free consultation, either face to face (if located in the Channel Islands) or by phone. Use my booking form and select the free Initial discussion option.
*GDPR refers to the EU General Data Protection Regulation. If you don’t know about it, you need to find out! Whether you are based in the EU or not, the GDPR and its equivalent legislation is going to massively impact your business and the way you work. You can read more about it here.