From Source to Use framing the Data Compliance Challenge

Managing personal data appropriately is a major responsibility for organisations today. How you handle data is intrinsically linked to customer trust and brand reputation. However, this is far from the only commercial concern. The fact is organisations that fail to meet data privacy laws can also face huge fines, lasting damage to brand value, and see a material impact on investor confidence.

Take the largest General Data Protection Regulation (GDPR) fine to date. Officials in Luxembourg recently penalised Amazon to the tune of £636 million for failing to comply with the regulation. To put it in context, the largest single ransomware payment recorded stands at just below $14 million worth of Bitcoin. Ransomware remains a threat and attracts more than its fair share of headlines. Yet, it seems a malicious external actor could cost you far less than an internal privacy violation.

Scrutiny of how governments or organisations use personal data is nothing new. It's an issue that goes back decades. In recent times, it's a subject that has come into even greater focus. There are several reasons for this. Namely, the advancement of technology, the increased reliance on the cloud and the Internet, and over the past couple of years, there has been a significant increase in data gathering as a result of the pandemic.

For many organisations, the GDPR remains the main focus when it comes to rules around personal data. This regulation was several years in the making and sets out how to manage the data of 446 million European Union (EU) citizens. While the GDPR has set the global standard, it's just the start. Other countries have followed suit, with legislation emerging in China, India, and Brazil. The US is considering moving from State-based laws to a Federal data privacy regulation. In fact, global organisations have to navigate 134 data privacy laws worldwide today, highlighting that digital compliance is an integral part of doing business internationally.

The Compliance Challenge

Digital compliance is a major challenge for organisations, resulting in a need to show they can both see and protect the data they have stored. This means being able to monitor and manage data from source to use.

There's a tendency for people to associate privacy breaches with cyberattacks. In reality, these attacks are often a symptom of the bigger issue of failing to manage data effectively. This can manifest in diverse ways, from holding on to too much data, poorly configured backups, and accidental data disclosure from human error. 

Take a closer look at the table below, which details the major causes of violations that result in the highest GDPR fines to date. The bulk of the fines relate to the inability to manage data internally and are not technology-related. The values of these fines are €956,580,176 (439 fines) versus €67,559,719 (162 fines) for technology violations.

Source: https://www.enforcementtracker.com/?insights

The remedy to these violations is a comprehensive digital compliance strategy. Exactly what that means in practice might vary from business to business. Still, there are seven useful principles to consider if you want to build a strong digital compliance strategy, these being:

•            Lawfulness, fairness, and transparency
•            Purpose limitation
•            Data minimisation
•            Data accuracy
•            Storage limitation
•            Integrity and confidentiality (security)
•            Data accountability

If you're faced with dark data and redundant, obsolete, and trivia data (ROT), you might fail to fulfill subject access requests or be found in breach due to excessive data retention. So, visibility is key. Putting in place the above methods to manage data at every stage of the data lifecycle from source to use is essential.

Steps for Improving Data Governance

So, what are the appropriate steps for achieving an effective data governance process? Ultimately, that's an in-depth conversation with an expert provider. Nonetheless, here are some actions that can help you to get the right oversight, whether you're starting a plan from scratch or improving one already in place.

1. Backing up your data - in a way that means you can recover it if you need to.
2. Focusing on your most valuable data - only store what you need.
3. Putting in place monitoring capability - because human error happens.

The time to act is now. The amount of data organisations process continues to grow. Plus, the scope of global data legislations will continue to evolve. Being able to demonstrate visibility and scalable discovery will only become more important.

In this blog post, I have discussed compliance and mitigating risk. Still, organisations benefit from improving their data governance through reduced storage costs and optimised resource management hours. So, you can become more efficient as you become more compliant.

The tidier your data, the more you can do with it, too. From insights to innovations, the most successful organisations will be those that can harness their data to become more productive and relevant.

At Veritas, we help our customers understand their data and how they're using it across their organisation. If you'd like to discuss how to best manage data governance for your business, please get in touch.