• Follow us


Drowning in GDPR? Five data strategies to navigate GDPR compliance

About the author

Nigel Tozer is Solutions Marketing Director EMEA at Commvault.

Regardless of where in the world you work, every business today needs an understanding of global privacy regulations like GDPR, and how to comply with them. 

Over one year on from GDPR’s inception many businesses are struggling to implement data strategies that help them to meet this challenging regulation; however, with the potential risks and loss of customer trust that you jeopardise by not safeguarding your customers’ data, now is the time to act. 

As a starting point, there are five main data strategies that can help you on your data protection journey.

Get to know your data

Data management is complex, and making sure that it doesn’t prevent you from complying with GDPR is difficult. But to tackle this, think of GDPR as knowing about what type of data you have. The data that is held by businesses, especially unstructured data, can often become messy due to the fact that everyone who can access it has the ability to use it, copy it and change it. When it comes to personal data, many businesses treat it as though they own it, when actually, they are merely the custodians.

Data mapping – pinpointing personal data, its content and its risk profile – helps stakeholders to understand the ‘before and after’ of a breach, which in turn helps to predict where a loss could occur and the potential impact this could have. There are going to be incidents no matter what, so the data protection team needs to plan for the worst, as the regret of knowing you didn’t do everything you could is very unpleasant indeed.

Image credit: Pexels

Image credit: Pexels

(Image credit: Image Credit: Rawpixel.com / Pexels)

Mitigate the people problem

When it comes to the people in your business, everyone is accountable for data, from the C-level in the boardroom, all the way to the individual teams that make the business happen. The key fact to bear in mind is that ‘you can’t patch people’ – there is no quick fix if your employees are struggling with their role in good information governance. 

Every single business relies 100% on employees, but despite this they always have the potential to be your weakest link, though that is no excuse to skimp on training, of course. Education remains the most important factor to consider when working towards GDPR compliance. They shouldn’t feel drowned in it, but instead have enough information and training to enable them to keep processing activities legitimately, and ensure the data that they are working with is secure, to keep the risk of a data breach to a minimum. 

It’s also important to foster a ‘no blame’ culture so that staff feel comfortable about reporting a breach; fear really is your enemy in this case.

Don’t let your data take over

Though data is the centre of your business, it should never control it – instead, your business should keep control of your data. It’s important to remember that encryption does not equal infosec, and security does not equal data protection, so don’t fall into the trap of thinking this is the case. Other precautions need to be implemented to ensure that data is only used for its intended purpose, which should also include controls on copy creation. It is too easy to make copies of databases for ‘dev and test’ processes, where data is used without being anonymised. Copy controls can also help to stop un-encrypted or un-anonymised data finding its way onto open cloud shares – a common way for breaches to happen.

It is also valuable to monitor all of the data that is held on personal devices such as mobiles, laptops and USBs, and to give them an in-house backup of this data not only for recovery purposes, but also so that the data protection team knows the risk if that device is lost or stolen. If you can remotely encrypt or wipe personal data on those devices, even better, as this will mean you will know where you are in regards to reporting to the supervisory authority should a breach occur.

Image credit: Shutterstock

Image credit: Shutterstock

(Image credit: Shutterstock)

Automation is the way forward

Unstructured data is a problem, and it can often be too big a problem to resolve manually. In a typical organisation around 70-80% of data is unstructured, which causes endless management and breach-related headaches. Part of the challenge is that most businesses don’t have a single person that owns this data, and this leads to it becoming unruly and challenging to work with.

There are lots of data inventory and mapping tools available, but they often lack the ability to cover everything from laptops, across heterogenous on-premises systems and the cloud, including SaaS offerings like Office 365. Control means more than mapping too – automation based on content, attributes and risk profile are what’s needed for it to become an actual game-changer. Left to users, data spirals out of control; smart automation will expire data appropriately, as well as manage access and location. Not only does this have a cost reduction benefit, but breach risk is also significantly reduced. 

Governance is not a roadblock

Data protection processes will nestle neatly within your wider governance program, and are most definitely not the same thing. Compliance in terms of data protection is about meeting regulations that have been set out by governing bodies, whereas governance encompasses all manner of processes and procedures above and beyond mere legal compliance. Governance can be a USP – being easy to understand and transparent about your use of customers’ personal data can put you in a more trusted position than your competitors. Reputation takes years to build, and only seconds to lose; very few businesses survive a large data breach where the trust that customers had placed in them has been lost.

To avoid this, embedding a culture of good data management and ethical data practices that support good governance in your business really is a must. Getting your employees to live and breathe ‘privacy by design and default’ is better than trying to retrofit it afterwards. They need to learn to think like that anyway; it is part of GDPR after all. By building good governance into your company DNA, you are able to deal with privacy from day one and will be able to slowly develop the measures you need to monitor and manage risk effectively without any excessive costs.

By implementing these five data strategies, businesses can work towards GDPR compliance and ensure that the data they hold is processed appropriately and is safe and secure. The best data strategies will provide cost savings as well as other efficiencies, and deliver a sound ROI rather than ‘just compliance’. Gaining full visibility of your data and automating its management means you’re also planning for worst case scenarios. This allows you to make your employees your main focus, and your data will be able to work for your business and not against it.

Nigel Tozer, Solutions Marketing Director EMEA at Commvault 

Read More

Leave A Comment

More News

Latest ITProPortal news

What is ransomware? Everything you need to know 2019-06-18 09:59:40Ransomware: What’s new 18/06 - NEWS - GandCrab ransomware is no more - Victims can now decrypt files, and it seems as new versions won't be com

Samsung tells users to check their smart TV 2019-06-18 08:00:04Security experts are baffled.

GandCrab ransomware is no more 2019-06-18 07:30:10Victims can now decrypt files, and it seems as new versions won't be coming.

Workers are ready to ditch passwords 2019-06-18 07:00:53Needing to remember multiple passwords makes many anxious.

ITIL 4 has finally arrived. Is it enough 2019-06-18 07:00:02Rather than attempting to rewrite the ITSM playbook, the latest iteration of ITIL has instead been packaged as more an expansion on the previous gener

UK data regulator says its own site doesn't 2019-06-18 06:30:55ICO is in the process of urgently updating its website.

Artificial intelligence: The game changer for businesses 2019-06-18 06:30:15Many people are unsure about the relevance of AI in terms of business encounters.

Does consolidation help or hinder the internet? 2019-06-18 06:00:19To understand how a consolidating Internet economy may shape the Internet’s future is to recognise that this trend goes beyond products and serv

US chipmakers are lobbying to reverse Huawei ban 2019-06-18 06:00:15Huawei is not the only one losing out after blacklisting.

Is having an app still a choice for 2019-06-18 05:30:53Having an app is a great choice for your SaaS startup, so we are going to discuss the potential benefits in our article.

Four key considerations on AI enabled IT service 2019-06-18 05:00:20CIOs need clarity about what AI is and is not when it comes to ITSM.

Data literacy – the foundations of business success 2019-06-18 04:30:03Innovation in data technology is helping businesses make better use of the ever-growing volumes of data they generate.

TechRadar: Internet news

Mozilla urges Firefox users to update browser immediately 2019-06-18 23:30:27Mozilla is urging Firefox users to immediately update their browsers to the latest version, following the discovery of a zero-day vulnerability.

Telstra's new SIM-only plans serve up some of 2019-06-18 21:59:26Two new Telstra SIM-only plans have landed and offer compelling competition to the Optus alternatives.

Samsung Galaxy Note 10: release date, price, news 2019-06-18 20:09:59The Note 9 is a smartphone that improved a bunch of little things, and we're hearing leaks about possible upgrades coming in the Samsung Galaxy Note

Samsung Note 10 will reportedly launch on August 2019-06-18 19:45:33A report claims the Samsung Note 10 is set to launch on August 7 at the Barclays Center in Brooklyn, New York.

This Super Mario battle royale game challenges you 2019-06-18 18:09:33A YouTuber-turned-developer built a Super Mario Bros. royale game and is letting people play it for free… until Nintendo shuts it down.

Fitbit sale at Amazon: price cuts on the 2019-06-18 17:32:49The Fitbit sale at Amazon includes price cuts on the best-selling Fitbit Charge 3 and Alta HR.

Gold Cup 2019 live stream: how to watch 2019-06-18 16:53:49USA are aiming to make it seven victories in the tournament to draw them level with Mexico. Check out our guide for all your 2019 Gold Cup live stream

Salesforce adds customer data platform to CRM 2019-06-18 16:40:35Salesforce is adding new features to its CRM software alongside the next generation of Customer 360.

Here’s what experts say mobile gaming will look 2019-06-18 16:16:44Developers, publishers and phonemakers told us about what games and hardware in 2019 can tell us about mobile gaming in 2020.

GandCrab ransomware shuts down after netting authors billions 2019-06-18 15:05:49GandCrab operators informed the ransomware community they're shutting down in blog post.

Fraudulent domains are remaining active for longer 2019-06-18 14:04:25New research from Proofpoint has revealed that fraudulent domains hide in plain sight by using the same services and TLDs as legitimate websites.

Best TV 2019: here are the big-screen TVs 2019-06-18 13:57:12On the hunt for the best TV in 2019? We've got all the info on this year's best screens.

Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.