Skip to main content

Why tackling data swamps is key to long-term GDPR compliance

(Image credit: Image source: Shutterstock/alexskopje)

In the last decade or so, access to data storage has become so affordable, easy and accessible that the instinct for many businesses has been to accumulate any and all data they can get their hands on. While, in many cases this has paid dividends in the form of new insights that might not have been discovered otherwise, it has also resulted in businesses housing enormous volumes of data, some of which isn’t used and could even be duplicated over various locations. This ‘data sprawl’ makes it difficult for enterprises to know exactly what they’re storing, where it’s saved and how it is being accessed.

Add the backdrop of the General Data Protection Regulation (GDPR) to the equation and all this data poses a problem, especially given that much of it qualifies as personal data. This means that, under the new GDPR laws, the data has to be controlled, secured and deleteable or anonymised. Combine this with the data tools commonplace across businesses of all shapes, sizes and industries - many of which are encouraging data sprawl by exporting data to third-party locations for analysis - and it has led to businesses across the globe facing enormous compliance challenges, especially now the GDPR deadline has passed.

Why does this matter for GDPR?

The goal of GDPR is to protect individuals by ensuring organisations have an effective data governance programme in place - which includes the collection, use, storage and disposal of data. The problem is, even post-GDPR deadline, to be compliant, you have to know what data you have and where it is – something businesses are finding challenging due to their large and complex ‘data swamps’.

A data swamp (a by-product of data sprawl) is defined as mass amounts of data which – like a physical swamp – is murky and messy. In this swamp, there is very little visibility or understanding of what is happening below the surface and because of this, businesses with data swamps are easily losing track of the data they are storing and how they’re storing it – vital for GDPR compliance.

A data clean up 

But how can this issue be tackled? The first step is all about understanding what data should and shouldn’t be stored. Put bluntly, if data isn’t going to inform and help solve business problems, what is the point in storing it? This is just one of the questions GDPR has forced businesses to answer. 

Once this step is complete, however, GDPR then forces organisations to manage data in a way that keeps it clean and accessible for analysis, allowing employees to leverage it to tackle business issues in real-time. The businesses that do this - and only gather and keep data that they can learn from -will replace their data swamps with clean data lakes, which are easier to glean value from.

Despite the intimidatingly huge fines for non-compliance, as well as the amount of work organisations have had to do over the past few years to achieve compliance, the introduction of GDPR  has been positive. Not only has it forced improved data governance processes but businesses should now be more comfortable discarding data that doesn’t have a business  value  where it has traditionally been stored, left and even in some cases – lost.

Tackling data sprawl for the long-term

The reality is maintaining GDPR compliance for the foreseeable future requires a shift in mindsets when it comes to data. This is a long-term process and one that businesses must stay on top of. 

Organisations now must approach data with the mentality of ‘what business problems we are trying to solve with this data?’, rather than ‘if we can store it, we may as well do so’ - and some still need the help of experts and tools to understand what information they can leverage for decision making, what’s useful and what’s not. 

Securing data

From the perspective of IT, it’s one thing to control one highly guarded fortress. It’s another challenge entirely when you don’t know how many fortresses exist, what data is inside, how it is used, you have no record of how many keys have been copied and you don’t have access to them. This is the challenge Chief Privacy and Data Protection Officers are being presented with even post-GDPR deadline, and it’s a problem that needs to be tackled or many will fall victim to GDPR and its severe punishments, or a loss of customer trust.

This issue requires a long-term solution – and cannot be solved by a one-time, CIO-led data swamp clean-up. This is because the data analysis tools many businesses currently use are encouraging data sprawl so even after CIOs and IT teams have transformed their data swamps into clean and organised data lakes, their analytics tools start the problem all over again – creating a never-ending spiral of pain. 

Here, more advanced data analytics tools and experts, can step in to help users not only quickly access the data, but make sense of it and figure out the business value it provides – all while making ongoing GDPR compliance less stressful.

By choosing a more centralised and flexible data platform that leaves data in a database – meaning employees no longer need to extract data to analyse it – staff can interpret data more quickly and act on it directly, accessing only the data they need to answer their immediate questions.

This means the development of a long-term data governance and analysis strategy, in which analysts can still provide their organisation with game-changing business insights – while maintaining compliance with regulation – becomes possible. An easier process and cleaner data. That’s the modern approach to analytics that data-led businesses need.

In contrast, the companies that are treating GDPR as ‘just another compliance requirement’ will probably inadvertently communicate that one way or another. The reality of this is that they could either be called out for a lack of compliance – and be hit by the monstrous fines – or even lose out to their competitors that are better communicating their investment in trust, privacy and security.

Organisations have no choice but to comply with the GDPR. However, it’s those who fully embrace the regulation, the vision behind it and communicate its importance to their users and customers that will build the strongest relationships. Those who take on its values of privacy, transparency, trust and security will reap the rewards of doing so, as a culture and operational process that embraces transparency breeds trust and competitive advantage. 

John O’Keeffe, VP EMEA at Looker 

Image Credit: Alexskopje / Shutterstock

John O’Keeffe
John is Looker’s Vice President of EMEA (Europe, the Middle East and Africa). He joined Looker in January 2017 to lead the company’s growth and expansion across the region. Prior to Looker, John served as the Head of EMEA for Nitro and the lead for’s SMB and Commercial business in Europe. John is based out of Looker’s EMEA Headquarters in Dublin, Ireland.