If your personal privacy was violated you’d be really upset. And rightly so, as your right to privacy is precious. In the business world, it is the onus on businesses to ensure the security of customer data. As the unlawful usage of data can ruin the relationship that enterprises have with customers.
In fact, as Forrester states that, ‘in a world where privacy has become a competitive differentiator for multinational organisations, businesses must increasingly work … to understand global data privacy requirements, implementing controls that protect personal data accordingly.’ The extension of GDPR regulatory compliance from Europe to non EU organisations is already proving to be a rocky road ride for businesses.
But, before we dive into the key challenges, it is important to ascertain to whom the rule applies to and what information is subject to the EU law.
Do You Need to be GDPR Compliant?
GDPR regulations apply to ‘Controllers’ and ‘Processors’ of data that belong to EU data subjects. But who are they? Let’s define what a ‘Controller’ is? A ‘Controller’ is a company, organisation, person, agent or any other body responsible alone or jointly for collecting and processing personal data.
A ‘Processor’ is a company, organisation, person, agent or any other body who processes personal data on behalf of the controller. The ‘data subject’ is the person whose data is being collected or processed. The personal data can be any personal information such as name, address, contact details, sensitive personal data like gender, race, ethnicity or physical and mental health status, etc.
The Controllers and Processors must be transparent and open to the public by registering themselves with the Data Protection Commissioner. They may export personal data outside the EU for storage or processing. GDPR enforces rules on the data and asks for rights and freedom of EU citizens over their data. This can pose additional challenges to those already in existence.
What are the Business Drivers around Data Handling?
The major GDPR challenges that organisations face will be in the areas of:
Collection: Implementing additional policies to collect, process, and protect client’s data add several new requirements, tasks and responsibilities to the business.
Analysis: GDPR compliance will necessitate changes in existing operational and analytics systems (BI, Data warehouses, data marts and data lakes) due to regulatory requirements around customer-specific data processing and analysis.
Storage: Enterprises will have to extend compliance to storage solutions including cloud (public, private or hybrid) and data portability solutions to ensure all the rights of data subjects. Enterprises must make all stakeholders including third parties, partners and vendors equally accountable for GDPR adherence.
Auditing and Reporting: GDPR imposes obligations on enterprises to maintain an internal audit of data protection activities. This requires data lineage solutions to maintain traceability of information with respect to data subjects. Any data breaches must be reported with the source of breach, other critical facts of the event, impact on the subject, mitigating actions and future preventive measures.
The Need for a Comprehensive GDPR Compliance Strategy
To address these challenges and avoid hefty penalties, a comprehensive GDPR compliance strategy should be put in place. It should define processes to be followed, identify the right set of new roles to handle GDPR requirements, and adapt existing policies and the correct tools and technologies.
Mastek is extensively experienced at architecting solutions for regulatory compliance. We work independently or with technology partners to provide comprehensive solutions that help businesses build a plan and implement processes and controls to make the GDPR regulatory compliance journey a smooth and easy ride. Our strategy covers:
Refer to Figure 1 below for a visual representation of our implementation framework. It is based on active collaboration between enterprises, their partners and technology solution providers.
Figure 1: GDPR implementation framework: Strategic focus areas
Tools & Technologies
The right set of tools &technologies will serve as key enabler for implementation and governance. Businesses may have multiple data silos spread across different storage types including databases, files systems, documents, cloud and Hadoop-based ecosystems. These repositories will require a holistic approach for data storage, protection, and management. Some of the proprietary and open source tools, which will serve as key enablers for GDPR compliance include:
- Classification & Lineage - Apache Atlas, Talend, Cloudera Navigator, Talend MDM, Pentaho, Abinitio, MSSQL
- Security & Data Quality - MSSQL, Oracle, DB2 databases, Talend, Azure Data Catalog, Apache Ranger, Sentry, Kerberos
- Integration & Analysis – Talend, Informatica, Pentaho, Abinitio
- Governance – Talend, Bedrock Zaloni, Loom, Collibra and Waterline Data
- Audit- Talend, Oracle, MSSQL
A strategic, timely and robust approach to GDPR compliance and implementation is the need for enterprises handling EU data. Time is running out. Don’t risk ruining your customer relationships by failing to get GDPR compliant. Get in touch with us now at [email protected] to put in place a comprehensive GDPR compliance strategy.