GDPR isn’t just about compliance – though that’s vital – it’s also about focusing on what data you actually hold, what it’s for, and how you manage it. A key part of the new law is the right of data subjects to know what’s being held and, if necessary, have it deleted.
Sounds simple, but in reality, many organizations have areas of information which are managed ‘informally’ – to put it diplomatically. That data is hard to access and don’t match up to the original intentions of the people who framed data policies.
Initial GDPR projects have concentrated on structured applications like databases which have administrators or application administrators who are able to initiate reports to find data and provide helpful management information. But even within these managed areas there are often data standards issues such as different forms of a given name. It can all get very confusing. That’s bad not just for compliance, but good data management too.
For unstructured information (documents) and semi-structured information (email) the situation typically is even less certain. It’s often loosely managed. A large amount of information is held in a general file store, or SharePoint and email, for instance.
There might be high level policies specifying how it all should be managed and governed, but often those policies are so high-level that the people filing the data take a rather ad hoc approach to where they put it and then subsequently manage it. Let’s be honest, most of us not naturally talented when it comes to filing! And even if you are, filing is a chore you leave to the last minute.
I encounter islands of well-organized filing but also wastelands where the original filing logic has been lost. And then there are the shadow filing systems which spring up because the main ones are too confusing. Of course, that’s complicated by what we call ‘de-structured’ information: that’s where people take data out of one structured and managed place and store in another perhaps in a spreadsheet, because it’s useful. But, it ends up being badly managed, out-of-date, and hard to find.
Now, most organizations recognize the problems I’ve described, but they don’t know where to start remedying it. What they need is a detailed information audit so that they can know what they have and manage it properly.
There’s software which can do that for you: it scans unstructured and semi-structured information areas looking at file types, metadata and the actual content.
That delivers insights into personal information, content themes as well as, importantly, how much is either duplicated or almost duplicated. That helps save on infrastructure costs and usage and unclutters access to the data. It also means you can be clear about policies and see that they are being followed. It helps focus on data minimization, which is a key element in GDPR, but it’s also a vital part of becoming just more efficient and agile.
GDPR is the spur for managing data better so your business works better and makes the most of its data – all within the law. If your data policies are strong, and you know what you have, why you have it, where it is, and what you can do with it, you will be a more effective business as well as compliant one. And we can help you do it.
Discover how you can achieve an exemplary level of data governance.
Find out more at www.fujitsu.com/gdpr