If GDPR is the question, is data visibility the answer?

We’re in the midst of an interesting period for information governance.

Not only are growing trends such as the Internet of Things resulting in the creation and collection of more and more data, incoming Global Data Protection Regulations (GDPR) are putting companies under pressure to up their games in terms of data protection and privacy.

With this double-edged sword as the backdrop, I spoke to Chris Talbott, and Shawn Aquino, senior product managers at Veritas, about the barriers businesses are coming up against when it comes to managing and governing the data they are collecting.

“Data is growing unwieldly fast,” said Chris, making GDPR a scary proposition for businesses that will have to comply with a new set of requirement or risk being fined up for 4 per cent of annual turnover. All of this data is creating a “complex, heterogeneous and very noisy environment,” as well as a “stale” one given the fact that 41 per cent of data has not been modified in the last three years.

One term that is often associated with this type of environment is ‘dark data,’ i.e. information that has no context around it. Recent Veritas research found that 52 per cent of the data analysed was ‘dark’. According to Chris, the problem stems from the fact that information management has traditionally been infrastructure-led, so data has been collected without much though regarding what it actually is. But: “that legacy approach to information management needs to change when the data is growing so fast and it’s so complex.” The traditional view of “the more information you have, the more you store, potentially the more value will come of it eventually” is no longer applicable because the scale involved is simply too great.

What all of this ultimately means is that it has become increasingly difficult for companies to know the pieces of information that are valuable and those that aren’t. IT managers “can’t necessarily see relevant or valuable information vs the rest of their data” which has the potential to lead to some tricky situations in the current climate. From an IT management point of view, just think about the Right to be Forgotten. If someone asks for their data to be deleted, will IT managers actually have the capacity to find all the information about that individual?

So, let’s paint the full picture. You’ve got companies rapidly increasing in both size and complexity, the “essentially exponential” growth in the amount of data being collected, IT managers being unable to tell the difference between what’s valuable and what isn’t and new regulations clamping down on the use and protection of this data. That’s sounds about as close to a perfect storm of non-compliance as it’s possible to get.

The solution, according to both Chris and Shawn, is to start “optimising your environment.” System admins and IT managers should be “empowered to start deleting some of that information” as well as “archiving the meaningful stuff.” Companies need to “start first by answering that visibility question,” by placing context around information that “enables people throughout your company to recognise it as valuable or not.”

“If your environment is cleaner, it’s more organised, your employees are more productive and you’re able to generate more value out of what you’re doing with your information,” as well as helping to give your company a “fighting chance” when it comes to data privacy and Right to be Forgotten requests.

“Organisations need that initial visibility to ensure they’re delivering the best data,” said Chris, and with the new data breach regulations on the horizon, that visibility could be the different between compliance and a potentially massive headache.

Image Credit: alphaspirit / Shutterstock