Catching Up with GDPR Compliance
The General Data Protection Regulation (GDPR) compliance deadline of May 25, 2018 has passed, but many organizations are still grappling with the data governance challenges it has created. Whether your organization conducts most, some or just a small amount of business in Europe, there are many aspects of data management you need to consider to comply with the regulation. Here are some great sources of information from industry experts to help bring you up to speed.
In our expert interview series with Paige Bartley, Senior Analyst for Data and Enterprise Intelligence at Ovum, she explains that some organizations may not reach the May 25th deadline. These will likely be smaller organizations, often based outside of Europe, that have a minority of their customers or employees based in the EU. They will have to adhere to the guidelines listed, such as the documentation of processes, the correction of false data, and the transfer and ownership of data, to name just a few.
Data lineage, data quality, and data availability also are inherently linked to the GDPR and play a large part in compliance.
- Data Lineage is needed for the records of processing activities of personal data. This can account for how the data was handled, who handled it, and where it was handled.
- Good data quality will help in GDPR compliance initiatives because it means that data subjects will have less incorrect data to correct. Data quality is both a driver of compliance and a product of it.
- Data availability is cited directly in GDPR as part of Article 32’s requirement guidelines for the Security of Processing of personal data. High availability of systems, while not absolutely mandated, is highly encouraged for GDPR compliance.
Why the GDPR Matters Outside the EU
The GDPR applies not only to organizations that are based in Europe, but also to those that collect personal data from E.U. citizens who are located within the E.U., even if the company itself is not in the E.U. What this means in practice is that if you have, say, a website form that collects the personal information of visitors, and some of the people who fill it out are E.U. citizens who are located in the E.U. at the time that they fill out the form, that data could be subject to GDPR regulation. Similarly, if you partner with an organization that collects data from E.U. citizens, and some of that data is shared with you or otherwise comes under your ownership, the GDPR may also apply to the data.
Another reason why the GDPR matters outside of the E.U., and why it is a good idea to start planning for compliance now, is that the regulation may inspire similar frameworks in other jurisdictions in the future.
You can find more detail on those points here in our blog post.
If you have a mainframe, the GDPR data management requirements may apply to it, even if the mainframe is not inside the European Union. If your company has any kind of presence in Europe, you may need to bring your mainframe data management practices up to speed with the GDPR, along with those of the rest of your infrastructure.
In a post on GDPR Compliance for the Mainframe, we gave some key areas that organizations should focus on when becoming GDPR compliant: data erasure, data sovereignty, timely data recovery, data pseudonymization, and data encryption. This isn’t a full list for GDPR compliance, but it’s a great place to start.
GDPR and Machine Learning
GDPR compliance is also changing the way that organizations approach machine learning.
Katharine Jarmul, founder of KJamistan data science consultancy, stated that GDPR compliance changes a few of the ways that organizations have to inform users about automated processing of their data. Organizations will want to take note of their current notification process and make changes accordingly. What GDPR gives people is the motivation to get started on that.
We’ve released a series of short webcasts in an effort to inform people of the importance of GDPR compliance. Check out these three great videos, which focus primarily on Data Quality, Capacity Management, and IBM i Security.
If you want to learn more about GDPR compliance and how Syncsort can help, be sure to read our eBook on Data Quality-Driven GDPR.