To GDPR and Beyond: Accelerate Your Voyage of Discovery
With the General Data Protection Regulation (GDPR) coming into force on 25th May 2018, is your organisation still among those yet to act to ensure personal data is protected? If so, it’s not too late to get started.
Fundamentally, GDPR is not so much a compliance initiative as a master data management (MDM) initiative. Getting to grips with your master data is an opportunity to enhance the way your company does business and differentiates your brand. After all, you need a foundation of accurate, complete, consistent, and timely data to create the seamless experiences today’s customers expect. You also need fine-tuned business processes and the ability to make strategic and tactical decisions when they matter most.
GDPR requires organisations to identify and make reasonable efforts to safeguard EU citizens’ data, and ensure the accuracy of personal data they hold on employees, customers and prospects – things that your business should be doing as a matter of course to maintain its reputation as trustworthy. In practice, it means you need to understand not only how and where data is being used and transmitted, but also where it is stored, because much of your potentially regulated legacy data is likely to be languishing in silos, going out of date.
Data, Data Everywhere
To mitigate GDPR risk – and more broadly, control data sprawl and prevent leakage – you first need to locate all personally identifiable information (PII) across your business. However, compiling an inventory is easier said than done.
It is typically an onerous, manual process, which makes it prone to human oversight. Across your organisation, you may find that sensitive data differs by business segment or region. There may be pockets of duplicated data littered across local hard drives, file sync and share cloud services, or back-up systems. And PII may lurk in unexpected places, such as non-core systems (as a result of shadow IT), spreadsheets, or buried in free-text comments fields. This is where automated PII discovery tools, like our Accelerator for GDPR PII Compliance Analysis, can help to jump-start your analysis.
Automating Your Discovery
Automated discovery uses software and analytics to dynamically detect PII in structured data sources and compare it against expected outcomes in a set of categorisations, generating a high-level view of your GDPR risk at the same time. It accelerates the process of determining the location, occurrence, and prevalence of unorganised and unknown data, making it easier to establish where PII exists, as well as documenting what data is expected and where it should reside.
Deep, targeted analysis can help you assess risk and identify any compliance shortfalls. But these insights aren’t limited to near-term GDPR efforts. You can use them over time to reduce poor data management practices and put structured processes in place for securely storing and processing personal information. Your newfound understanding of your data landscape can also be applied to wider data governance initiatives, such as a single view of the customer (or employee), or managing consent around communication channels and data usage.
An Objective Pair of Eyes
Once you have determined where your PII data resides, then what? A data protection impact assessment can help you to understand where and how personal data is being created, managed, and consumed across your business. A preliminary audit and gap analysis can then ascertain whether you’re covering the key aspects of GDPR, and how to go about building an information lifecycle model for GDPR-relevant data. If that sounds daunting, you need not struggle singlehandedly: we (and our partners with complementary expertise) help businesses like yours navigate their data protection journey with just such personalised assessments.
So while the clock is certainly ticking, it pays to remember two things: firstly, we’ve got your back. And secondly, beyond GDPR compliance, your master data efforts will yield not only a single source of truth, but a single point for controlling the quality of customer and employee data, making it much more valuable to your business.
To inquire about a personalised Data Protection Impact Assessment, get in touch.