The European Union’s General Data Protection Regulation (GDPR) went into effect in May. Although it is widely considered to be among the most strict data privacy laws ever enacted, few organizations have made proper preparations. Ninety-three percent of global organizations surveyed in April by the business analytics company SAS said they are not yet fully GDPR compliant.
Although GDPR is designed to standardize data security legislation across Europe, it will have a global impact. Any company, regardless of location, must comply with the GDPR if it stores or processes personal information about citizens of any of the EU’s 28 member states.
GDPR requirements regarding personally identifiable information (PII) are particularly troublesome for U.S. companies. The regulation mandates that all companies must know exactly where every instance of someone’s personal information is located. However, the combination of data fragmentation and unstructured data hoarding within organizations will make it incredibly difficult for companies to comply with these provisions.
In truth, GDPR has been a wakeup call for organizations that store all data without considering its real value. Two years ago, the Global Databerg Report found that 85 percent of all data being processed and stored by organizations around the world is functionally useless, wasting trillions of dollars in management costs.
GDPR is forcing organizations to take a closer look at their data assets. In a new survey of 1,500 business leaders by IBM’s Institute for Business Value, 70 percent reported that their organizations are actively disposing of data in an attempt to reduce their GDPR exposure. If they aren’t sure how it is being used or if they don’t have appropriate consent, they’d rather dump it rather than face significant fines.
The process illustrates the need for a comprehensive data governance strategy to ensure the efficiency and security of the storage infrastructure. IBM found that 80 percent of organizations will be cutting down on the amount of personal data they keep moving forward, with 78 percent reducing the number of people who have access to it.
Data governance efforts are essential for imposing a quality-control discipline on the processes for assessing, managing, using, improving, monitoring, maintaining and protecting data. This requires a framework for identifying who owns and is accountable for data assets. Data governance will clarify who should have access to data and for what purpose, and ensure that compliance requirements are being met. The program should also include procedures for storing, archiving, backing up and securing data.
Packaged applications can provide a good starting point by automating some of the processes involved with data discovery and management. Automated archival tools streamline the process of moving data off primary storage, reducing storage costs and improving overall efficiency. E-discovery tools deliver powerful search and tagging functionality, improving the ability to review and classify data.
However, organizations can’t depend on an app to ensure compliance. Effective data governance requires the involvement of stakeholders throughout the organization. We can help you get started with an assessment designed to evaluate your existing policies, standards, business rules and storage management practices. These metrics can help you establish a data governance process that supports compliance efforts and eliminates storage waste. Give us a call to learn more.