Drowning in the GDPR? Five data strategies to navigate GDPR compliance

About the author: Nigel Tozer is Director of EMEA Solutions Marketing at Commvault.

No matter where you work in the world, every company today needs to understand international privacy policies, like PEMPs, and how to comply with them. More than a year after the launch of the GDPR, many companies are struggling to implement data strategies that help them comply with these difficult regulations. However, given the potential risk and the loss of customer trust you face by failing to protect your customer data, the time has come to take action. As a starting point, five key data strategies can help you on your data protection journey.

Know your data

Data management is complex, and it is difficult to ensure that this complexity does not prevent you from complying with the GDPR. To remedy this, approach the GDPR by knowing what kind of data you have. Business-proprietary data, especially unstructured data, can often be confusing because anyone who can access it has the ability to use, copy, and modify it. When it comes to personal data, many companies treat it as if it were their property, while in reality they are only the custodians. Data mapping, by locating personal data, its content, and its risk profile, helps stakeholders understand the "before and after" of a breach, helping to predict where a loss might occur and its potential impact. Incidents will happen regardless, so the data protection team must prepare for the worst, because regretting not having done everything you could is really unpleasant.


Mitigate the problem of people

When it comes to people in your company, everyone is responsible for data, from the C-level of the board of directors to the individual teams running the business. It is important to note that "people cannot be contacted"; there is no quick fix if your employees are struggling with their role in information governance. Every company is 100% dependent on its employees, but despite this, they still have the potential to be your weakest link, although this is not an excuse to skimp on training, of course. Education is still the most important factor to consider when working on GDPR compliance. Employees should not feel stifled, but rather have sufficient information and training to legitimately maintain processing activities and ensure the security of the data they work with. That way, the risk of a data breach is minimized. It is also important to promote a "blameless" culture so that staff feel comfortable reporting a violation; fear is really your enemy in this case.

Don't let your data take over

Although data is the center of your business, it should never be in control. Instead, your business must maintain control of your data. It is important to remember that encryption is not synonymous with infosec and that security is not equal to data protection. So don't get stuck. Other precautions must be implemented to ensure that data is only used for its intended purpose, which should also include controls for creating copies. It's all too easy to make copies of databases for "develop and test" processes, where data is used without anonymization. Copy controls can also help prevent unencrypted or de-anonymized data from ending up on open cloud shares, a common way to prevent breaches. It is also useful to monitor all data stored on personal devices such as mobile phones, laptops, and USB drives, and to keep an internal backup of this data, not only for recovery purposes but also so that the data protection team is aware of the risk if the device is lost or stolen. If you can remotely encrypt or wipe personal data on these devices, even better: this means you'll know where you stand in terms of reporting to the supervisory authority in the event of a crime.


Automation is the way to go

Unstructured data is a problem, and handling it manually can often be too complex. In a typical organization, around 70 to 80 percent of the data is unstructured, resulting in endless management and breach-related headaches. Part of the problem is that most companies don't have a single person who owns this data, making it difficult to manage. Plenty of tools for data mapping and inventory exist, but they often lack the ability to cover everything from laptops to heterogeneous on-premises and cloud systems, including SaaS offerings like Office 365. Control means more than just mapping: automation based on content, attributes, and risk profiling is necessary to truly change the game. Left to users, data spirals out of control; intelligent automation will age data appropriately while managing access and location. This not only reduces costs, but also significantly reduces the risk of a breach.

Governance is not an obstacle

Data protection processes will fit well into your broader governance agenda, but they are certainly not the same thing. Data protection compliance is about complying with regulations that have been set by governing bodies, while governance encompasses all kinds of processes and procedures that go beyond legal compliance. Governance can be a USP; being easy to understand and transparent about your use of customers' personal data can put you in a more trustworthy position than your competitors. It takes years to build a reputation and seconds to lose it; very few companies survive a large-scale data breach where the trust placed in them by customers is lost. To avoid this, it is essential to establish a culture of good data governance and ethical data practices that support good governance in your business. Bringing your employees to live and breathe "Privacy by Design and by Default" is better than an attempt at retrofitting later. They need to learn to think like that anyway; it is part of the GDPR after all. By embedding good governance into your company's DNA, you can manage confidentiality from day one and can gradually develop the necessary measures to effectively monitor and manage risk without excessive costs.

By implementing these five data strategies, companies can work to comply with the GDPR and ensure that the data they hold is processed correctly, safely and securely. The best data strategies will drive cost savings and other efficiencies, and deliver a strong return on investment, rather than "mere compliance." Gaining full visibility into your data and automating its management also means you anticipate worst-case scenarios. This puts your employees at the center of your concerns and your data will work for your business, not against it.

Nigel Tozer, Director of Marketing EMEA Solutions at Commvault