Taking responsibility for GDPR readiness?
The General Data Protection Regulation (GDPR) is a new regulatory framework introduced by the European Parliament & Council. It was passed into law in April 2016 and will be applied from May 25th, 2018. The regulation sets out a single framework for the handling of Personally Identifiable Information (PII) pertaining to European citizens. All organizations (regardless of geographical location) that collect, handle and/or store this type of information must ensure compliance or face sanctions of up to €20m ($21m) or 4% of annual world-wide turnover (whichever is greater).
GDPR presents considerable challenges and risks; organizations globally must ensure their readiness.
As an unstructured data pool, with a large number of data owners and stakeholders, user data must be a key area of focus for the organization’s DPO function. If robust and cost-effective compliance mechanisms are to be introduced, then file system structures must be simplified, data accountability improved, and redundant, obsolete and trivial data removed.
Northern delivers a powerful set of capabilities that support the implementation and continuous management of compliance mechanisms.
The Information Governance and Compliance solution area provides the ability to monitor the unstructured data footprint and identify areas of possible non-compliance. These analyses can be based solely on file meta-data or on file content (text mining). Stakeholders, such as data owners or members of the Data Governance team, can then be invited to review, and inspired to act.
The ability to continuously monitor the unstructured data footprint, identify areas of possible non-compliance, and then involve qualified stakeholders in mitigating these risks provides clear benefits to the work of the Data Protection team and the organization as a whole.
Regulatory compliance within unstructured data must begin with an understanding of the data footprint itself. A risk assessment of all pockets of unstructured data enables specific and relevant strategies for achieving compliance to be defined.
Focused reports, clear directives and the knowledge that only data owners have about the content of their files allow regulatory compliance to become an element of standard working practice.
Regular review of stored data, removal of redundant, obsolete and trivial (ROT) data, and general housekeeping initiatives ensure efficient use of the file service. Maintaining a controlled and more transparent data footprint reduces the cost and complexity of ensuring data protection and compliance.