The EU’s General Data Protection Regulation (GDPR) goes into effect in May of 2018, and organizations are under tremendous pressure to ensure that organizational policies, processes and systems are all compliant with this ground-breaking and wide-reaching data protection regulation. The GDPR expands upon many of the tenets of the Data Protection Directive passed in 1995, but with a breadth and scope far broader than two decades ago, before the dawn of big data, and back when our conceptions of data privacy didn’t include today’s global internet, social media, or mobile technology.
So while the foundation of data protection has long existed in the EU, any penalties for noncompliance were left to the discretion of member states’ data protection authorities. Fines for violations were infrequent, and the financial risk was low. For these reasons, it is only as GDPR goes into effect that many companies are forced to take a serious look at personal data protection and implement a framework of GDPR compliance, since maximum penalties are as high as €20 million or 4% of annual revenue. Organizations can’t afford, either literally or figuratively, to risk the consequences of noncompliance.
Understandably, for many organizations this focus on GDPR has put other business and IT initiatives on the back burner. For companies that process personal data for EU residents, the effort to implement a GDPR solution has deprioritized a host of other projects, because the fines are large and the reputational risks of violations are too great not to make GDPR compliance priority one.
Budget constraints are a reality at any organization, and the price tag for GDPR compliance is likely to be hefty. But implementing a GDPR solution doesn’t have to be a zero-sum proposition, where other key initiatives are shelved indefinitely. A strategic approach can turn the GDPR deadline from obstacle to opportunity, and allow you to address other critical data challenges at the same time, within the same project, and with the organizational buy-in you need.
Beyond regulatory compliance hurdles such as GDPR, as big data environments increasingly become the norm, two persistent challenges organizations face are data quality and data governance. Companies are ingesting data at a rapid pace, but often they don’t know whether that data is accurate, reliable, or even usable. Directly related to this quality issue, there is often little understanding of the data, from its source, to its meaning, to its ownership and usage. When data is misunderstood and mistrusted, it can’t be relied on to generate actionable insights to drive business forward. But implementing a data governance solution can provide clarity throughout your data supply chain, and give your business users not only what they want, but what they need to reach smart and valuable business decisions and improved outcomes.
And here’s where that happy coincidence that I alluded to earlier comes in—data governance is a core component of the GDPR, and as such, it should be a foundational part of your GDPR compliance strategy. As Elizabeth Denham, Information Commissioner for the U.K. stated in a speech earlier this year, “The GDPR mandates organisations to put into place comprehensive but proportionate governance measures.” Tracking consent receipt, usage, data subject rights requests, as well as personal data location, retention, and erasure will all require a strong framework of data governance, as well as workflow management and visualization—all of which should be components of a robust data governance solution.
Beyond the key components of data governance, a platform that offers the benefits of automated audit validations and analytics can use machine learning algorithms to locate hidden personal data across your enterprise, and even monitor to identify areas where you may be noncompliant. And once you have the power of analytics and governance, there are many ways you can leverage that platform to improve insights and give your business users what they want, beyond just what the business needs from a compliance perspective.
And we haven’t forgotten about data quality. As companies look for ways to ensure the accuracy and integrity of data in their data environments, a comprehensive data governance solution can provide ongoing, automated data quality monitoring to validate the reliability of your data and the value of the insights you derive from it. And data quality is a critical component of the GDPR as well. Reconciliations between sources and systems are an integral part of data quality controls, and ensure that GDPR regulatory requirements such as the right to erasure, the right to rectification, and retention are followed.