Click to learn more about author Kyle McNabb.
The two-year anniversary of the GDPR came and went in May, and for most companies, it was a gentle reminder of the state of their compliance. Did they reach it in 2018? Have they been able to maintain it after meeting the deadline? Did they fail to meet the deadline, and are they still struggling to comply today?
The GDPR changed the way organizations need to think about their Data Management strategies and how they handle and process personal data. Leading up to the GDPR, the acceleration of digitization and data-driven business crept up on most companies. As a result, most were collecting unprecedented volumes of information without the IT infrastructure needed to find, understand, share, analyze, and trust the data.
This challenge still persists today, two years later. Most organizations did not reach compliance by May 2018, and even if they did, many are struggling to comply with data privacy regulations in the long term. Overwhelmed with dark, siloed, and bad data, it is nearly impossible to know what information is being housed or how to manage — or even leverage — it. This problem stems from the state of the IT infrastructure. According to a recent survey, 41 percent of respondents currently don’t have a data inventory, which is necessary to know what data is housed and to remain compliant.
Why is GDPR compliance still so important two years later? To start, the risk of fines and damaged reputation and trust with the customer remains. Yet, in addition to an adequate defensive Data Strategy, organizations stand to reap big benefits by reaching compliance. The survey showed 39 percent of respondents say data regulations help their team’s ability to use data effectively. There is value in organizations being forced to modernize their Data Management, invest in new tools, and know what data they possess.
For organizations that are still overwhelmed by data or that scrambled to reach the 2018 deadline and fell apart after, there are two steps to focus on. Read on to learn how enterprises can change their Data Management to support compliance and deliver more value to the organization.
1. Set Up a Data Inventory to Get Your House in Order
If readers remember nothing else from this article, memorize this takeaway: Organizations must gain full knowledge of what data they have. It is the key to GDPR compliance and smart business decision-making. Organizations need to be able to identify and find personal data for compliance with the GDPR, and they need to be able to discover valuable data from which they can glean business insight.
Yet it’s impossible to power either a defensive or offensive strategy when organizations are drowning in dark, siloed, and bad data. According to the survey, 38 percent of respondents believe a significant portion — half, most, or all — of their organization’s data is dark. Another 50 percent say at least some of their organization’s data is dark. Every piece of data that is unaccounted for increases regulatory risk or means organizations could be leaving value on the table.
Getting an organization’s “house” in order starts with building an “as is” data inventory. The data inventory collects metadata from data sources inside and outside the business, so organizations know what data they have today and in the future. This step allows organizations to learn what business assets the data is connected to and how to determine where the information came from. Implementing an inventory lays the foundation for a mature data environment — which is absolutely necessary for compliance.
2. Establish Trust with Data
Why is trusting data so important? Trust makes it possible for decision-makers to evaluate data’s potential fit and value for both human and AI/ML-driven analytics — and it plays a role in compliance. To trust data, business and IT leaders must understand where it came from, where it is, and who has touched it. If they don’t understand, and therefore trust, the data in this way, leaders cannot use it to glean value.
The survey exposes a pervasive distrust of data within organizations: 63 percent of respondents believe inaccurate, outdated, or otherwise “bad” data has been used to fuel business decisions in their organizations. Data-informed decisions, when using untrustworthy data, can cost organizations money and time and even introduce risk. Enterprises need to trust the data they feed into AI and ML programs. If organizations feed bad, wrong, or non-compliant data into AI- or ML-enabled technology, for example, the AI or ML will glean equally bad or wrong insights.
How do organizations establish trust? To start, they need the ability to quickly locate all the personal information they manage — which is also key to demonstrating compliance to supervisory authorities. Yet, according to the survey,the top barrier organizations face is finding and gaining access to the right data. Additionally, every respondent who selected this as a barrier also stated the risk of non-compliance with privacy regulations as a barrier. This overlap shows that the inability to find and access the right data can cause a ripple effect of Data Management issues. Organizations can fix this problem with two tools:
- Automated Data Inventory: A data inventory can automate the scanning and identification of personally identifiable data across the data estate by carrying forward the tagging of critical data, data privacy, and quality information. That way, organizations know exactly what information they have and where it is in the organization on an ongoing basis.
- Data Lineage: Data lineage capabilities trace data from its origin to where it delivers value. Traceable data is trusted data, as organizations can fully understand where information comes from, how systems process it, and how it’s used. Data lineage capabilities are especially important in the current climate as remote work continues to be prevalent. With more employees working remotely, the enterprise has expanded beyond the four office walls — but it is no less responsible for the data as it travels beyond the traditional perimeter. With the ability to trace the data, even when it hops to external locations, organizations can continue to comply with confidence.
By implementing an inventory and data lineage, organizations can understand their entire ecosystem, proactively seeking out dark data, tackling compliance, and pivoting quickly as regulations like the GDPR continue to grow.
The GDPR and other data privacy regulations do not have to be an ongoing burden to enterprises. By taking these two steps, organizations can modernize their Data Management to fuel both offensive and defensive strategies. The data intelligence practices that help protect customers’ personal information are the same ones that help business leaders discover new insights, develop new services, and shape better customer experiences. Trust, compliance, and analysis — all enabled by a mature data environment — are enterprises’ keys to the future. Not just the three-year anniversary of the GDPR, but the far-stretching digital road ahead.