Julie Skeen | August 7, 2017

Managing GDPR Requirements to Achieve Compliance

The General Data Protection Regulation (GDPR) effective date is quickly approaching, and organizations worldwide seem ill-prepared for it. According to Telecoms.com, “with just under 12 months to go until the European Union imposes new data protection regulations, there seems to be a growing sense of unpreparedness throughout the industry.”

The article goes on to cite a survey that was conducted by Veritas, asking respondents how prepared they feel their organization is for GDPR. The survey states that “47 percent of the respondents fear their organization won’t meet the requirements of the legislation, with 18 percent worried non-compliance could ultimately put their organization out of business.”

Entire organizations are at stake here, and with fines high enough to put people out of business, it’s alarming that so many organizations are so woefully unprepared. And while the regulation technically only applies to organizations that do business within the European Union (EU), the Information Commissioner’s Office in the UK has also announced it will put forth nearly identical rules for any organization that conducts business within the UK—so even after Britain formally exits the EU, similar regulations and penalties will still apply there.

If your organization is one of the 47 percent of respondents that fear it will not meet GDPR requirements, here is what you need to do.

Complying with GDPR 

To prepare for GDPR, organizations operating within the EU, or processing the personal data of EU residents, need to ensure data governance. Trustworthy data governance begins with trustworthy data, whose quality can be ensured through data controls: automated checks on data reasonability (out-of-range values), data conformity, and data accuracy that address data quality and detect unusual activity that can be flagged as abnormal.

GDPR gives individual residents of EU states power over their personal data, and compliance will require organizations to actively manage, secure, and govern that data throughout its entire lifecycle. Once data quality for personal data has been proven, organizations can identify and classify the inventory of personal data they have collected by implementing a robust data governance framework. Doing so will give organizations an understanding of their data lineage, which identifies how and where data enters an organization and the diverse storage and integration points that the data flows through. In addition, a data governance framework with analytics incorporated into it can deliver enterprise-wide control and visibility into personal data processing risk areas, automatically identify where proper oversight may be lacking, and utilize machine learning to account for any hidden personal data, in order to comply with GDPR requirements.

These steps will help protect the personal data of customers and will facilitate organizations’ GDPR compliance, but finding a GDPR solution that provides not only the foundation of data governance but also integrated, automated controls and data checks as well as analytics can be a challenge. Finding a single source to solve multiple GDPR requirements and challenges is the preferred route for many organizations in an effort to increase efficiency and reduce cost.

A Single Platform Solution  

A platform that harnesses the power of data governance, data quality, and machine learning analytics will cover a wide variety of GDPR requirements. By utilizing all three capabilities in one platform, the necessity of complex integration and reporting is removed. In addition, a sequence of end-to-end data controls provides transparency to meet all GDPR information privacy and security compliance standards.

With analytics wrapped around it, the solution should include a self-service big data analytics platform designed to handle not just one but multiple steps, from data ingestion and preparation to data analysis and operationalization. Where data quality checks are required, an integrated platform solution must be able to perform data profiling, completeness, consistency, reconciliation/balancing, timeliness, and value conformity checks in order to roll up data quality KPIs alongside data definitions within the data governance business glossary. The solution should be designed with a visual data preparation workflow that empowers the business user to aggregate and control data, accelerating and improving the subsequent data analysis process and applying analytics to extract value from the data.

Using a platform with a proper data governance solution should deliver an all-inclusive view of an organization’s data landscape, allowing organizations to easily define, track, and manage all aspects of their data assets. This enables collaboration, knowledge-sharing, and user empowerment through transparency across an enterprise.

Finally, users should find a solution that enables them to source data from multiple data platforms and applications. It should empower users to apply statistical and process controls, as well as machine-learning algorithms for segmentation, classification, recommendation, regression and forecasting. Users can create reports and dashboards to visualize the results and collaborate with other users. Additionally, it should allow users to create automated notifications, manage exception workflows, and develop automated data-processing pipelines to integrate the results of that analysis back into operational applications and business processes.

Using the right set of solutions, organizations operating in the EU and the UK can ensure integrity from source system to any destination. In addition, they can profile and identify critical data, as well as classify, document, and govern their most important data assets.
