The General Data Protection Regulation (GDPR) is a law that concerns every EU citizen and is enforced in all 28 member states of the EU. It overhauls the Data Protection Directive of spring 1995 to bring the protection of individuals' privacy in the European Union (EU) into focus. In doing so, the GDPR secures the rights of EU citizens and puts more responsibility on organizations. Most businesses process user information; only a few do not process it at all. Key roles that deal with customer data, such as HR, IT, marketing and security teams, are governed by the GDPR.
The GDPR enables every EU citizen to know how their data is accessed, stored, transferred and deleted. As a result, the GDPR affects your organization in its entirety. You need to rework your fundamentals and find out how your data is used from the outset until the final decision on it has been carried out. You also need to determine how your data management and data governance systems will support GDPR requirements.
These five steps towards GDPR compliance cover the fundamentals:
The first step towards GDPR compliance is to monitor all types of data: structured and unstructured data, Hadoop clusters, data at rest, data in motion, data warehouses, and any other data crossing the user landscape. It is not enough to guess where user data might reside; it is critical to know, at every point, where personal data is and where it isn't.
Once the data sources have been accessed, it becomes necessary to identify what personal data each of them holds. Personal data often lies buried in semi-structured fields. That data needs to be parsed and sorted into fields such as name, social security number and email address. This cannot be done manually; tools for pattern recognition, standardization and data quality rules are vital to the process. Having the right tools will enable you to meet the May 2020 deadline for GDPR compliance.
The next step is to grasp what data means across the length and breadth of your organization. GDPR compliance means sharing privacy rules across all business points so that personal data is shared with the rightful people in the business chain, i.e. those with proper user rights. To achieve this, roles and responsibilities should be demarcated within the organization to get the required level of control.
Once data governance has been established, it is time to set the correct protection levels for the data. GDPR compliance has three levels of protection for user data: encryption, pseudonymization and anonymization. Apply the correct technique depending on user rights and application context. This should not come at the cost of analysis, forecasting, querying and reporting.
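The identification and protection steps above can be sketched together. This is an added example, not part of the original article: it finds email addresses and social security numbers in free-text fields and replaces them with keyed pseudonyms that still support counting and joins. The regular expressions (US-style SSN format), the key and the sample notes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import Counter

# Assumed patterns for two of the field types named above; real data needs more rules.
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

def normalize(kind, value):
    """Standardize a match so variants of one identifier map to one token."""
    return value.lower() if kind == "email" else value.replace("-", "")

def pseudonym(key, kind, value):
    """Keyed, deterministic token: stable for joins; re-linking it needs the key."""
    mac = hmac.new(key, f"{kind}:{normalize(kind, value)}".encode(), hashlib.sha256)
    return f"<{kind}:{mac.hexdigest()[:16]}>"

def find_personal_data(text):
    """Return (kind, matched_text) pairs found in a semi-structured field."""
    return [(k, m.group()) for k, p in PATTERNS.items() for m in p.finditer(text)]

def pseudonymize(text, key):
    """Replace every detected identifier with its pseudonym."""
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: pseudonym(key, k, m.group()), text)
    return text

# Constructed sample notes and a placeholder key (store a real key apart from the data).
KEY = b"example-key-not-for-production"
NOTES = [
    "Callback requested by Anna.Smith@example.com, SSN 123-45-6789 on file",
    "anna.smith@example.com asked for invoice copy",
    "New contact: bob@example.org",
]

def contacts_per_email(notes, key):
    """Count notes per pseudonymized email, showing reporting still works."""
    counts = Counter()
    for note in notes:
        for token in set(re.findall(r"<email:[0-9a-f]{16}>", pseudonymize(note, key))):
            counts[token] += 1
    return counts

if __name__ == "__main__":
    print([pseudonymize(n, KEY) for n in NOTES], contacts_per_email(NOTES, KEY))
```

Because the tokens are deterministic under one key, the two notes about the same address still group together, while the stored text no longer contains the address or the number.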
The last, but not least, step of GDPR compliance is the audit process, which confirms that you know where your personal data sits across the data landscape.