That’s Our Data? Oh
The EU General Data Protection Regulation (GDPR) is turning out to be a good wake-up call for many organizations. Specifically, for those who find it challenging to understand what data they do have. No, I am not kidding. Not only that, they do not know where the data is located, and have no idea whether or not it is relevant to their business. That sums it up.
The core components of GDPR include the ability to search, discover, and review data, all of which are essential for GDPR compliance. Not exactly rocket science. Businesses must be able to provide individuals with a copy of their data when requested, or delete it, within a 30-day time frame.
This appears to be causing issues, as 42 percent of companies cannot accurately identify and locate relevant data. Honestly, I am not making this up. The organizationally challenged are also concerned about data retention. 43 percent of organizations admit that there is no mechanism in place to determine which data should be saved or deleted, based on its value. Under GDPR, companies can retain personal data as long as it is used for the purpose it was collected. The personal data must be deleted when it is no longer used for that purpose.
I am pretty sure that most organizations do not have an audit trail, cannot remove all incidences of PII for an individual, and do not have encryption that is up to snuff. Some suggest that instead they just stop doing business with the EU. Now that seems like a sensible approach, doesn’t it? Do you think you have the technology available to address GDPR?
I don’t know how organizations have become so complacent about data breaches, regardless of the type. Do they think an ‘oh well’ attitude will make the situation go away? One of our clients, a federal agency, hasn’t had a data breach in 12 years. It benefits from a solution that is free of end user intervention, operates in real time, and that quarantines data and prevents it from download. Plus, it addresses all confidential or sensitive information, as defined by that organization.