The General Data Protection Regulation is a European Union act that requires organizations with data from any citizen of an EU country to have certain data privacy guards in place.
Privacy is not a new dimension of data management, nor is it only part of a GDPR compliance checklist. It is a major issue for any organization's risk management, since most organizations collect some forms of personal data that could be combined to identify an individual. Leaving that data accessible and open to threats and events of malicious usage, accidental disclosure or other challenges is a main reason for the creation of the GDPR.
The following steps may be useful for organizations to include on a GDPR compliance checklist:
- Perform a current state analysis of the people, processes and technology capabilities that collect, process and manage privacy and security controls for personally identifiable information (PII) of customers and employees. Include data sources and the metadata -- business and technical -- for each attribute.
- Understand the difference between a privacy and security classification and instruct business and technical data stewards accordingly for all PII. Then, implement these classifications appropriately and consistently.
- Implement the proper metadata management for data and train data governance professionals and business and technical data stewards in the organization's approach to metadata management. Glossaries, data dictionaries, etc., should note all PII and their classifications.
- Integrate data privacy and data security into all the data management efforts as part of your GDPR compliance checklist, including data quality, master and reference data management, data warehousing, and BI and analytics. PII data can travel far and wide!
Dig Deeper on Data governance strategy
Related Q&A from Anne Marie Smith, Ph.D.
The optimal approach to a data governance framework includes a program team, a data governance council and stewards. Expert Anne Marie Smith explains... Continue Reading
Companies in all industries can benefit from a master data management program, advises MDM expert Anne Marie Smith. Learn how to enhance yours. Continue Reading
A data governance program doesn't have to be a police action. Instead, advises expert Anne Marie Smith, data stewards should help bring about ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.