The noise around GDPR is increasing as organisations including Microsoft and Google set out their plans for complying with legislation. Our aim is to filter that noise down to a considered conversation that focuses on what’s important to your business and how you can take the appropriate steps to deliver a positive GDPR outcome. The following extract from our whitepaper illustrates how starting with what you know is the first step in the process.
Starting with What You Know
Most organisations have distinct functional areas with distinct processes and tools for holding data on individuals. A simple table such as the one below provides an overview of the most common business functions, and the types of data they hold.
Once this initial dataset is understood, it becomes important to identify what is personal data and what is not. This is further broken down into data that could be used to identify an individual, and information that would be classified as sensitive.
With GDPR, these definitions of data have been broadened to reflect the ways in which many organisations now retrieve and store information.
This broadening may result in additional compliance obligations for organisations. The below provides an illustration of how this change will play out.
A Process of Data Discovery
Of course, starting with what you know only works if you know what data you have. What GDPR forces business leaders to consider is where every single piece of personal data is across their IT estate – including the Cloud. Taken in this context, the question of the data that an organisation holds on individuals becomes a complex one to answer, and one that is going to require time, resource and budget.
A thorough approach to data discovery, properly implemented, will lead you to data that you did not know about – offering not only a great start to GDPR compliance but also the opportunity to uncover and resolve data that is ‘hiding’ throughout your network, including company sensitive information, personally identifiable data and duplicated information.
To find out more about our approach to GDPR and how we can help your business use the legislation as an opportunity for business growth through great data management – download our whitepaper here: http://bit.ly/ExonarGDPR or get in touch at firstname.lastname@example.org