With under eight months until the General Data Protection Regulation (GDPR) comes into force, the final countdown is on for businesses to ensure their data management processes are fully compliant. For the biggest firms processing gargantuan volumes of data across the EU, implementation began the moment the regulation was passed. Worryingly, however, the complexity of information governance is deterring smaller and medium-sized businesses from tackling their own GDPR compliance.
With the window for change closing and the grave financial implications of non-compliance — up to €20 million or 4% of annual turnover, whichever sum is greater — businesses simply cannot afford to neglect their information management. But how can enterprises with fragmented and replicated sources ensure data compliance? The solution lies in intelligent information insight.
GDPR — what you need to do
After 25th May 2018, companies will need to demonstrate, when requested, that they are compliant with the following:
- All data must be processed lawfully and entirely transparently. No covert usage of consumer or client information.
- Information must be collected for genuine and specific purposes, and this must be outlined from the outset so those providing the information are aware of the process.
- Data must only be collected if it is specifically required for processing and limited to this level.
- All information must be kept accurate and up-to-date. This point can be particularly problematic for businesses that lack transparency over the data they are holding.
- Data must be stored in such a way that it only reveals the identity of the subject, consumer or client if or when it is absolutely necessary.
- Data must be processed with full security in mind, ensuring it never falls into malicious hands and it is not lost, corrupted or destroyed unlawfully.
- All new systems that touch or store data, such as CRMs or payment processing platforms, will be developed with encryption and security at the forefront of their design.
Who is obliged to comply?
The GDPR was approved and adopted by the EU Parliament in April 2016 and, unlike an EU directive, it does not require subsequent or supporting legislation to be passed in parallel. The bottom line? There is no uncertainty that the GDPR will come into effect in May, so there’s little room for complacency.
The GDPR applies to all organisations that offer services or goods to EU customers, or process or hold personal information of data subjects within the EU. This is entirely irrespective of the business’ location, including a post-Brexit UK trading position.
Despite the lack of clarity around the EU / UK’s divorce deal, companies that have UK-only activities are still advised to comply with the GDPR for two principal reasons:
- The GDPR will almost certainly come into effect before we witness a post-Brexit Britain, considering the length and complexity of negotiations.
- The UK Government has indicated that an equivalent legal requirement will be implemented, following the popularity of the GDPR as a privacy standard.
Businesses must comply, not only to protect themselves from the aforementioned fines, but to safeguard against the risk of lost customer confidence and sales, security breaches, sanctions, and potential lawsuits.
Why is information governance complex?
Unfortunately, with so many data collection points, businesses are facing serious visibility challenges. This is coupled with a systemic company mindset of data hoarding for auditing purposes. This habit, in particular, can have serious implications; according to a survey by Veritas, 86% of IT decision makers believe the amount of data their company holds would negatively impact their ability to respond to a data breach, and 87% believe that hoarding data can be harmful to their company.
Over half of the average company’s data could be entirely redundant, with no legal or operational value whatsoever. This dark data could be swallowing huge sums of business profit in storage and maintenance, for zero benefit.
It is imperative, then, that businesses first audit and assess their sources of data, no matter how fragmented. While this may be complicated, enterprises need a holistic overview of their information in order to establish more robust control over it.
Data compliance through information insights
The first step to ensuring data compliance is to locate, identify, streamline, consolidate and minimize your information sources. Then, with intelligent analytics and reporting, data becomes less of an untapped expense and more of a valuable asset.
Automated workflows and more customised processes automatically give your firm more knowledge to predict trends and behaviours, not to mention the potential to flag a crisis ahead of time. What’s more, data insight services from third parties have powerful security solutions woven into their design, aiding GDPR compliance.
Veritas’ Data Insight solution, for example, identifies and profiles information by analysing attributes and user behavior. It can identify gaps and surface malicious, non-compliant activities by applying machine learning techniques.
Visualise for deeper understanding
Information insights are essential for intelligently consolidating fragmented data sources, and ensuring your processes are ready for the upcoming GDPR. These insights, however, are far more digestible to the human brain when they are visualised.
By turning data into an immersive experience, complete visibility can be achieved. This can reveal the depth of your company’s dark data and how to deal with it. As well as insight services, Veritas can deliver extensive visibility across different cloud and legacy on-premises data stores.
The data compliance clock is ticking
With the GDPR soon knocking on the door, the scope and opportunity for implementing business-wide change is decreasing. Rather than deploying reactive or internal band-aid data management solutions, you can turn to experts for thorough and holistic information governance.
Information insight services can ensure you know exactly what data your business is storing, make sure it is being processed in an entirely compliant fashion, and negate the costs of storing dark data. With our partnership with Veritas, we can offer intelligent insights and clearer data visualisation. Together we can simplify the complex process of aggregating your business information, secure your data sources and ensure you’re entirely GDPR-ready.