Use the GDPR to jump-start data governance initiatives

Whether we like it or not, data breaches have become a regular occurrence. IDC predicts that by 2020, data breaches will affect nearly 25 percent of the world’s population.

Most of us are familiar with recent breaches that have had an impact on customer information: Equifax, eBay, Home Depot, Whole Foods, Target, Verizon Wireless and Yahoo, to name a few. But there are many more that fly under the radar, and are no less disconcerting.

The primary consequence of this new age of cyber-attacks is that individuals are thinking more seriously about their online privacy. Consider the amount of data entered online daily, multiplied by millions of people: addresses, birthdates, credit card numbers, passwords, and so much more. And while more abstract cases (e.g., “identity theft”) only resonate with people who have experienced them closely, other cases involving credit cards or access to daily services hit closer to home. Consumers will want to know: How is my data being protected? And more important, how and why is it being used?

Consumers aren’t the only ones concerned. For years, governing bodies have enacted regulations to address data privacy. A few have begun to address the challenges of the burgeoning digital age, where so much data has been created so quickly that it’s extremely difficult, if not impossible, to control. How do you deal with this complexity without crippling businesses?

The General Data Protection Regulation (GDPR) has received a great deal of attention lately, with the deadline for compliance set for May 25, 2018. The GDPR broadens the scope of personal privacy laws to protect the data rights of EU residents, giving individuals greater control over who has their data and how it will be used. It’s an extension of data privacy laws that have been in existence for decades in Europe.

At its heart, the GDPR is about data and how that data is protected. Many organizations have been caught flat-footed by the looming regulation. But it’s not only compliance with the regulation that should be of concern to businesses.

The Internet of Things (IoT) and artificial intelligence (AI) both involve personal data, and lots of it. Companies are exposed on several fronts. In this age of data awareness by consumers and the watchful eye of regulators, companies must proactively address important issues, such as user privacy, organizational transparency and data trust. And there’s little time to waste. It’s estimated that more than five million new devices are being connected to the Internet, with the potential to reach more than 21 billion by 2020. As the number of devices grows, so does the threat of more breaches.

Without a doubt, the GDPR has become a forcing factor for organizations to reevaluate and revamp their long-term data protection strategies. The good news is that in preparing for the GDPR, companies can simultaneously meet the growing data security issues brought about by the proliferation of data and new technology.

Data governance can serve as the foundation for GDPR compliance, while offering a framework that will help mitigate security issues brought forth by new, disruptive technologies. Data governance is an essential part of overall data security. It provides a framework for managing and defining enterprise-wide policies, business rules, and data assets to provide the necessary level of data protection and quality.

This is crucial in meeting specific requirements of the GDPR, such as ‘Privacy by Design,’ which states that protection of personal data must become part of your organization’s DNA.

Specifically, data governance helps an organization answer three crucial questions that are specific to the GDPR but also apply to broader data security initiatives.

They are:

  • Where is my data?
  • Who is responsible for that data?
  • How and why am I processing that data?

With data governance, organizations gain clarity on what data they have and who owns it. This clarity makes it easier to report on data, a critical requirement of regulators. When you can find data, understand it, and trust it, you can provide the evidence that regulators need to prove compliance.

The GDPR has raised the stakes around data protection and data privacy, to be sure. But the surge from the data tsunami keeps rising. Forward-thinking companies must look beyond a 'one and done' mindset when it comes to data privacy and security.

Data governance can’t prevent breaches from happening, but it can help organizations fortify their data, and be prepared to handle risks as they arise.
