The time to just talk about the European Union's General Data Protection Regulation is over. With enforcement of GDPR starting in May 2018, companies need to be in step with its mandates on managing and securing personal data -- and it's hard to march to the GDPR data protection beat without a solid data governance structure in place.
Existing governance processes may not be enough, either. "Even the best data governance programs can age and require updates and modernization to remain relevant," TDWI analyst Philip Russom wrote in a March 2018 report on the compliance issues that GDPR and other regulations create for data management teams.
There's a balancing act between complying with regulations and extracting business value from the customer data that companies collect, Russom added. Targeted improvements to data management practices can help with GDPR compliance without hamstringing the use of data, he said, listing things such as the creation of data catalogs, the tracking of data lineage and an increased focus on data quality. Without such governance controls, "data can be a source of risk" instead of value, he warned.
The amount of data being collected by companies further complicates things. For example, Ebates Inc. stores "hundreds and hundreds and hundreds of data sets" with information on the members of its cash-back shopping rewards program in a Hadoop data lake, said Mark Stange-Tregear, the San Francisco company's vice president of analytics.
Documenting all of the data and how it's used and being able to find and delete everything on an EU resident under GDPR's right-to-be-forgotten provision "is an interesting technical challenge," Stange-Tregear explained. But Ebates will do what needs to be done to meet the GDPR data protection requirements, he said. This handbook looks more closely at what that amounts to for companies on data governance.