Skip to main content

Data management in the era of GDPR and digital transformation

(Image credit: Image source: Shutterstock/Wichy)

At a recent event in London, Juan Beetge, Senior Storage and Compute Manager at News UK said: “understanding how data works and using it responsibly is key to understanding our readers and being successful from a commercial perspective. But it is equally important that data and technology enables our whole organisation to culturally buy into the on-going digital transformation journey that we, and the wider media industry is undergoing.”   

In just two sentences, Beetge captured the on-going tension between a need for data for digital transformation, and concerns around the responsible use and storage of data in an organisation. Data is the lifeblood of an organisation, but on the surface, it could seem like the additional rigour around data protection and usage could slow, or even stall digital transformation initiatives.   

The good news is that the two need not necessarily be at odds. A comprehensive data strategy that provides end-to-end data visibility and is designed to be secure, ordered and accessible (with controls), actually serves both demands. Creating a data strategy to serve both the needs of GDPR and digital transformation should be front and centre of a CIO’s plans both in the run up to the 25th May deadline, and well beyond. 

Good governance practices are good for business. Under GDPR, it becomes a legal requirement for organisations to keep information up to date and store it only long enough for the designated purpose, unless other laws and regulations deem longer retention periods. But, how does this help the business?   

Visibility across your entire data landscape 

Using traditional approaches, the level of effort required to see where any individual record is stored is hard to overstate, especially where unstructured data is concerned. Being able to effectively sift through mountains of information requires sophisticated profiling, search and analytics tools, which prove useful not just in locating an individual’s personal data, but also for how employees access and utilise information. Role-based access controls are also required to ensure that only the appropriate people have the access to the data. 

An example of this can be seen at the University of Leicester. Mark Penny, System Specialist (Infrastructure) at the university, said: “the student of today is far more demanding from an IT perspective than even three or four years ago. Our digital campus initiative is aimed at meeting these demands and will allow students access to the University IT infrastructure all over the campus, regardless of device – it’s effectively digital transformation in practice.” This kind of digital transformation can only be achieved with the sort of flexible, secure infrastructure that also lends itself to building GDPR compliance. 

Up to date data  

Under article five of GDPR, personal data stored by an organisation will need to be accurate and up-to-date. “GDPR is going to force organisations into a good deal of housekeeping regarding their data hygiene and usage, where previously it may not have been prioritised,” said Penny, highlighting that GDPR extends far beyond just a technology paradigm and into the actual business function itself. 

Paul Petty, IT Infrastructure Development Manager at Laing O’Rourke built on this, saying: “In reality the business leadership must partner with IT to identify processes, workflows and priorities of data (sets) across the organisation to ensure effective compliance. The journey towards GDPR has been a relatively quiet one to date (with the exception of its recognition within IT teams), but it is now gathering momentum within the wider business and public spheres.” 

Cleaner, better data, working through modernised processes and workflows doesn’t just improve compliance with the GDPR. It also becomes an enabling force for units within the organisation. With faster access to the latest data, DevOps and testing can be accelerated. Automation too, is a key cornerstone of this – ensuring that organisational policies are applied to new projects uniformly, and that during development, copies, revisions and updates are securely managed in the most space-efficient way.   

More up to date data, with clarity on the purposes that it is allowed to be used for, can also be useful for the business intelligence teams. With customer consent, these updated records can provide invaluable insights into customer behaviour, needs and challenges – all of which can help the business better serve its clients with easy-to-use, effective services. 

Reduced costs 

Because GDPR requires the deletion of all information that is no longer relevant or legally required, organisations will quickly find themselves being more streamlined in the data that they are collecting and storing. With fewer unnecessary copies or legacy files that have been saved for those ’just in case’ situations, organisations will quickly find that their storage bills for both on-premises and the cloud will shrink. IDC went so far as to say that there will be up to a 42% reduction in storage and data management costs, and a 52% reduction in software costs. 

These reduced costs in data maintenance can be reinvested in more innovative, higher value business initiative’s or high value technology projects like machine learning and AI. 

As GDPR compliance requires the collaboration of IT and business units, it provides the perfect opportunity for the two to come together to discuss digital transformation. At the heart of this is the conversation around what data the business needs, what it has, where it is, and what it’s being used for – exactly the same as for GDPR. 

By making compliance requirements and business objectives clear right from the get-go, IT teams can ensure data management approaches are suitable for both digital transformation and GDPR all at the same time.

Nigel Tozer, GDPR Specialist at Commvault (opens in new tab) 

Image Credit: Wichy / Shutterstock

Nigel Tozer is GDPR Specialist at Commvault. He has over 25 years’ experience in the IT industry and the past 21 years entirely focused on enterprise data & information systems.