
Two years later: The GDPR, data privacy and how far we have to go


The GDPR dramatically changed how organizations handle and process personal data. Many companies were left struggling to ensure compliance and get their data privacy procedures in order when the regulations were enacted in May 2018 – and most did not make the deadline.

Two years later, many organizations are still burdened with dark and siloed data – largely because they lack the necessary data management infrastructure. According to ASG’s recent survey, 41 percent of respondents currently don’t have a data inventory, which means they still don’t know what data they house, knowledge that is required to remain compliant.

It’s important for organizations to comply with regulations to avoid fines and damage to their reputation and customer trust, but there are standalone benefits, too. ASG’s survey showed 39 percent of respondents say data regulations help their team’s ability to use data effectively. While somewhat surprising, this finding highlights the value of forcing enterprises to modernize their data management, invest in new tools and know what data they possess.

Organizations should continue assessing their GDPR strategy to reap these benefits and sustain compliance in the long term. Spoiler: it starts with really good data management.

How to get your data house in order

It turns out that GDPR compliance and business decision-making require the same thing: a full knowledge of what data an organization has. Just like organizations need to identify and find personal data for compliance with the GDPR, they need to be able to discover valuable data from which they can glean business insight. However, both defensive and offensive strategies are impossible when organizations are swimming in dark data. According to ASG’s survey, 38 percent of respondents believe a significant portion – half, most or all – of their organization’s data is dark. Another 50 percent say at least some of their organization’s data is dark.

Getting an organization’s “house” in order starts with building an “as is” data inventory, which collects metadata from the data sources inside and outside the business, so organizations know what data they have today and in the future. This step allows organizations to learn what business assets the data is connected to and how to determine where information came from. Implementing an inventory lays the foundation for a mature data environment – which supports compliance and, an even broader goal, establishes trust.

How to establish trust with an automated inventory and data lineage

where it is and who has touched it. They also cannot glean value from data they can’t trust. Sixty-three percent of respondents to the ASG survey believe inaccurate, outdated or otherwise “bad” data has been used to fuel business decisions in their organizations. Data-informed decisions, when using untrustworthy data, can cost organizations money and time, and even introduce risk.

Data compliance and governance programs require the ability to quickly locate all the personal information an organization manages in order to demonstrate compliance to supervisory authorities. A data inventory can automate the scanning and identification of personally identifiable data across the data estate by carrying forward the tagging of critical data, data privacy and quality information. That way, organizations know exactly what information they have and where it is in the organization on an ongoing basis.

Creating and automating an inventory of data assets is valuable for both defensive and offensive data strategies. According to ASG’s survey, the top barrier facing organizations is finding and gaining access to the right data – which an inventory makes possible. Even more interestingly, every respondent who selected this as a barrier also included risk of non-compliance with privacy regulations as a barrier – underscoring how not being able to find and access the right data can cause a ripple effect of data management issues.

Organizations can then couple their data inventory with data lineage capabilities to trace data from its origin to where it delivers value. Traceable data is trusted data, as organizations can fully understand where information comes from, how systems process it and how it’s used. Data lineage capabilities are especially important in the current climate as work from home continues to be prevalent. With more employees working remotely, the enterprise has expanded beyond the four office walls – but it is no less responsible for the data as it travels beyond the traditional perimeter. With the ability to trace the data, even when it hops to external locations, organizations can continue to comply with confidence.

By implementing an inventory and data lineage, organizations can understand their entire ecosystem, proactively seeking out dark data, tackling compliance and pivoting quickly as regulations like the GDPR continue to grow.

How to approach the next two years

Enterprises must keep in mind that compliance is not a burden – it’s an opportunity. The GDPR may have inspired a defensive data strategy, but the same data intelligence practices can also fuel a powerful offensive strategy. A mature data environment is essential for enterprises looking to capitalize on today’s most forward-looking technologies, such as artificial intelligence (AI) and machine learning (ML). Enterprises need to trust the data they feed into AI and ML programs. If they rely on bad, wrong or non-compliant data, the AI-enabled technology will glean equally bad or wrong insights. 

Establishing trust and compliance also means caring about customers. From keeping their information safe to making decisions that improve their experience, data intelligence is an important pillar for the enterprise of the future. If organizations start with an inventory and automated lineage now, they will feel well prepared for the next GDPR anniversary in 2021.

Kyle McNabb, SVP of Product Marketing, ASG Technologies