The formula for long-term GDPR compliance

John O’Keeffe, VP EMEA at Looker

After the better part of two years of preparation and conjecture across the technology and financial industries, the General Data Protection Regulation (GDPR) finally came into effect in May.

In the past, the impact of this type of regulatory change would have been confined to the IT and data teams, but nowadays, almost everyone handles data. From customer communications through to employee records and beyond, much of this data qualifies as personal information, which means that, according to GDPR, it must be controlled, used only in line with published commitments, and ‘deletable’.

Alongside this, over the last decade or so, access to data storage has become so affordable and accessible that many businesses have instinctively accumulated all the data they can get their hands on. While this may have paid dividends in some cases, in the form of new insights, it has also resulted in organisations – especially those within the financial sector – housing enormous volumes of information, a lot of which isn’t used.

This is what we call ‘data sprawl’, and this build-up makes it difficult for enterprises to know exactly what they’re storing, where it is saved and how it is being accessed. Not only does this mean organisations are facing enormous compliance challenges; even more worryingly, they continue to put themselves at risk of mammoth fines for GDPR non-compliance.

Cleaning up data

The goal of GDPR is to protect individuals by ensuring organisations in Europe – and those handling European citizens’ data – have an effective data governance programme in place. The issue most organisations are coming up against, however, in a bid to put compliant processes in place, is that they don’t know what data they have and where it is being stored. This is, in part, a direct consequence of their large and complex ‘data swamps’.

A by-product of data sprawl, a data swamp is defined as a mass of data which – like a physical swamp – is murky and messy. Not only does this collection of data offer little visibility, but there is also a lack of understanding of what is happening below the surface, meaning that businesses with swamps are easily and quickly losing track of the data they store and how they’re storing it. This could leave them in serious trouble when it comes to GDPR compliance.

But how can this issue be tackled?

One of the questions GDPR is forcing organisations to ask is whether or not data is informing and helping solve business issues. If it isn’t, there is simply no point in storing it.

Once organisations have confronted this issue and removed all the duplicated and useless information they store, the remaining data then needs to be managed in a GDPR-compliant way, i.e. kept clean and accessible for analysis, allowing employees to leverage it to tackle business issues in real time. The organisations that do this – and only gather information they can learn from in the future – will be able to replace their data swamps with clean data lakes, which are easier to glean value from.

Keeping data secure

While a data swamp clean-up is vital in the journey to full GDPR compliance, the issue requires a long-term solution, especially given that many data analysis tools used by financial organisations are encouraging data sprawl, even after the creation of clean data lakes.

This never-ending spiral of pain will continue unless organisations employ more advanced data analytics tools and experts to help users not only access data quickly, but make sense of it and figure out the business value it provides. This will ensure ongoing compliance and prevent organisations from falling victim to GDPR and its severe punishments.

By choosing a more centralised and flexible data platform that leaves data in a database – meaning employees no longer need to extract data to analyse it – staff can interpret information more quickly and act on it directly, accessing only the data they need to answer their immediate questions.

While organisations have no choice but to comply with the GDPR, it’s those who fully embrace the regulation and communicate its importance to users and customers that will build the strongest relationships. By taking on GDPR’s values of privacy, transparency, trust and security, businesses can reap rewards such as consumer trust and competitive advantage.

Despite the intimidating fines for non-compliance, as well as the huge amount of work organisations have had to complete over the past few years to be ready, the introduction of the GDPR has been a positive one from our perspective. Not only has it forced improved data governance upon businesses across the world, but now organisations – especially those within the financial sector – should feel ready to put data governance at the heart of their information strategies.