GDPR as a Forcing Function for Things That Should Have Happened Already

Dateline: April 6, 2018

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

This week we saw new announcements of data breaches affecting millions of individuals. Delta, Sears, and Under Armour all reported hacks that impact information privacy, highlighting the fact that for just about every company, the question is not “if” but “when” they are hacked. We all have heard about the upcoming implementation of GDPR, which has correctly raised concerns for many executives, but likely for the wrong reason. Most executives are focused on the hefty fines imposed by GDPR if regulators find their company has not complied. But the real concern should be about how data is governed in their organizations. GDPR is actually a forcing function for doing what should be done to better manage the data an organization has. Recently, Information Management published an opinion piece on the importance of data governance. The article, “Use the GDPR to jump-start data governance initiatives,” nicely summarizes this point of view. The author, Stan Christiaens, CTO at Collibra, suggests:

With data governance, organizations gain clarity on what data they have and who owns it. This clarity makes it easier to report on data, a critical requirement of regulators. When you can find data, understand it, and trust it, you can provide the evidence that regulators need to prove compliance.

Specifically, data governance helps an organization answer three crucial questions specific to the GDPR, but they also apply to broader data security initiatives.

They are:

  • Where is my data?
  • Who is responsible for that data?
  • How and why am I processing that data?

What is your answer to these three questions? How can you ensure that your data is properly governed?

That’s a WRAP! Have a great weekend!
