As enterprises and other organizations focus on complying with GDPR, they are also making significant progress towards future-proofing their data environment by investing in a next-generation architecture that will benefit them far beyond GDPR. In fact, GDPR is really just the tip of the iceberg, foretelling the future of data privacy overall.
To stay competitive, enterprises must be able to manage and leverage their data for business advantage. Businesses rely on using customer data and advanced analytics to find optimal ways to engage, such as through personalized marketing, product and services development, business insights, customer service, and loyalty programs. IT organizations must respond to this demand but with the ability to manage, track, and secure data.
Putting an extensible, scalable technology in place today ensures your data environment will be poised and ready to evolve as needed in the future.
Key Considerations for Data Management and GDPR
GDPR strengthens existing rules for the security and privacy of consumers’ personal data and widens the definition of what is personal data. It is a hot topic in Europe right now, as businesses and other organizations must be 100% compliant by May 25, 2018, or face significant financial penalties. Companies outside of Europe need to pay close attention as well. GDPR applies to anyone doing business in the EU. For example, if any organization in any location sells to an EU citizen, or collects, stores or uses personal information (PII) about one, it must be compliant with GDPR or risk losing business with EU countries.
Being compliant with GDPR entails running a tight data ship in terms of data management, governance, privacy, and security. It also demands a new, higher level of responsiveness in reporting, which in turn requires an end-to-end view of data as it moves through an organization.
In general, there are two key areas to consider when determining a data management strategy for GDPR compliance:
- Data governance: Companies must be able to implement and enforce strong data governance policies. They must have a clear understanding of all of their data: what data they have, where it came from, and what it is used for; how it changes or is processed throughout the organization; who has access to it; what data must be masked, encrypted or pseudonymized/tokenized; how long, where and how it is stored; etc. Governance is also important for compliance reporting, Data Protection Impact Assessments (DPIAs), and identifying and reporting a data breach within the required 72 hours.
- Single customer view: GDPR makes the idea of “Customer 360”, or a single customer view, critical to understanding whether customer data is accurate no matter where it resides in the organization, and whether a customer has consented to the use of their data. A Customer 360 approach also enables an organization to fulfill customer requests for reports of their own personal data in a timely manner.
Enterprise Data Lake Solution for GDPR Compliance
A data lake management and governance platform must offer effective metadata management capabilities that simplify and automate common data management and governance tasks. Ideally, a data lake management platform not only automates metadata application, it also automates ingestion of data into the lake, data organization, data quality checks, data transformations, and data lifecycle management.
It’s a big undertaking, but consider how you would answer the following questions today when faced with your current big data architecture:
- How will you integrate your existing databases, systems, and applications and eliminate the data silos that prevent you from having timely access to and a comprehensive view of your data?
- What repeatable processes can you automate and operationalize to reduce human error, speed workflows, and ensure processes always happen correctly, consistently and transparently?
- How do you implement and enforce enterprise-wide governance policies?
- How do you broaden access to data to increase your organization’s agility, while still ensuring the data remains private and secure?
The answers justify the work and time that you must put in for GDPR compliance and beyond.
What makes a data lake enterprise-grade and a smart solution for GDPR is a robust data lake management and governance platform. A data lake management and governance platform allows organizations to keep track of what data is in the lake and its source, format and lineage; understand data quality and ensure data reliability; implement access controls and privacy rules such as data masking and tokenization to ensure compliance with regulations; and enable broader yet controlled access to data.
Beyond GDPR: Your Big Data Future
Building a data architecture that enables you to comply with GDPR, and doing it in a way that can flex and scale to meet new data challenges in the future, requires a new approach. We call it a next-generation architecture. A next-gen architecture is one that permits broader access by data processors/consumers to more and different types of data for a broad range of use cases, while providing a centralized way to tightly enforce data governance policies and privacy and security rules.
Some refer to this type of framework as “DataOps.” We think that this approach is best served by a data lake, which functions as a centralized repository for any type of data from any source, including databases, e-commerce sites, operational systems and third parties. The data lake’s ability to break down data silos and store raw data in its native format can enable companies to have a timely, 360-degree view of their data and their customers, as well as more flexibility for data analysis and discovery.