When it comes to data, regulatory compliance isn’t easy. Regulations are nothing new in industries like financial services, healthcare and insurance, but no singular piece of legislation has had the impact of the European Union’s General Data Protection Regulation (GDPR), which went into effect in May 2018. The GDPR represents the most aggressive effort by governments yet to formalize, unify, and strengthen data protection. In many ways it has been a catalyst for new regulations worldwide in data privacy and beyond. But it also impelled many companies to examine their internal processes through the lens of data privacy and security to ensure they stand up to regulatory scrutiny.
The GDPR applies to any business handling the data of European citizens, but its impact has been felt worldwide. After GDPR went into effect, Canada was quick to update the Personal Information Protection and Electronic Documents Act (PIPEDA) with GDPR’s standards in mind. California passed the Consumer Privacy Act of 2018 (AB375). We have not only seen data privacy-specific laws evolve; we are also seeing additional regulations. In the already heavily regulated banking industry, the European Central Bank (ECB) will now conduct a targeted review of internal models (TRIM) to assess whether the models currently used by financial institutions comply with specified regulations. The ECB is specifically targeting “banking own fund” requirements, or the minimum amount of money banks are required to keep in-house to guard against unforeseen losses.
These regulatory requirements and assessments are crucial to ensure that internal organizational processes protect consumer and citizen privacy. However, they are also a major headache for many companies.
Facing Regulatory Requirements Head-On
Data is constantly passing through the data supply chain. As soon as a piece of data is created or ingested, it begins to move. As it moves, it may also be manipulated and transformed by people, processes and systems.
The route a piece of data takes through a data supply chain is also unpredictable. Data doesn’t just move from point A to point B. Organizations have large, complex data environments. A single data transaction can easily move from point A to point K, back to point G and then to point V. As data travels, its format, function and quality levels can also change. It may even transform multiple times along its journey.
Data complexities can wreak havoc on efforts to comply with regulatory requirements, whether region-wide regulations like GDPR or industry-specific processes like TRIM. That’s why it’s critical for organizations to track data lineage as data passes through various systems and platforms, creating a complete audit trail for the data’s lifecycle.
How to Track Data Lineage
Business lineage provides visibility into the data pipeline by investigating data’s origins and where it travels over time. Business lineage traces data errors back to their sources, so business users can understand and rely on their data to generate trustworthy insights. This level of lineage will allow a user to understand which applications and processes data passes through. However, business lineage has limited applicability when it comes to regulatory compliance.
On the other hand, technical data lineage is critical for regulatory policies. Technical data lineage reports all the complex details of a particular piece of data and the physical location where this data resides. This includes data storage procedures, how data combines with other data sets and data transformation processes. Technical lineage enables IT resources to interactively explore these details and quickly search any data glossaries. More importantly, it demonstrates the impact regulatory policy has on various data environments by identifying where personal or protected data may reside and how that data changed over time.
With technical data lineage in place, data stewards can work to establish both GDPR and TRIM compliance. By analyzing the multiple steps data takes throughout an environment, across data stores and any other technical alterations, data stewards can grasp the granular enterprise data flows and navigate the multiple hops data makes throughout an enterprise. As a result, sensitive data remains private and banks ensure fund requirements are satisfied.