Centralize your Data, Achieve Long-Term GDPR Compliance

The technology and cybersecurity industries have collectively spent two years painstakingly preparing for the general data protection regulation (GDPR), which came into force just over five months ago. Designed to “protect and empower” all EU citizens’ data privacy, as well as to “reshape” the way organizations across the region approach customer data, GDPR has sparked one of the largest industry shake-ups in recent memory.

Some reached the deadline compliant. Others - likely to be in significant numbers - were and still are working through their compliance strategies. Wherever your organization fits along this journey, building a framework that builds in compliance for the long-term is likely to represent a challenge.

Indeed, recent research from SAS has indicated that consumers are now more likely to make data requests or exercise their data protection rights than ever before. As a result, the pressure to implement healthy data compliance has never been greater. 

As complaints start to rack up against firms regarding their use of data, one main area that many are still struggling with, and need to face up to, is the “data sprawl”. 

Over the last decade or so, data storage became so simple and affordable that businesses began storing anything and everything. However, much of this naturally qualifies as personal data, meaning it has to be controlled, secured, and ‘deletable’ or anonymized.

In larger businesses in particular, this is no simple task. The widespread adoption of flexible working, along with the proliferation of devices now being used for work and the growth in traditional business intelligence software, has resulted in data being stored in a tangled web of locations. Like a swamp, this data is messy, dirty and there’s a real lack of understanding as to what exactly is going on below the surface.

Turning swamps into lakes 
Achieving GDPR compliance, while trying to trudge through ‘data swamps’, simply isn’t achievable or sustainable. A CISO cannot afford to lose track of what data is being stored and how it is stored. 

What you need is a clean and clear data lake. A ‘data lake’ can hold massive amounts of data, but comes with greater clarity. All the data is dropped into one place; it is not necessarily organized or structured for analysis but it’s stored there intentionally.

Businesses typically know what’s in the lake, how it’s being stored and why it’s there. However, tracking down every location where data resides is a significant task - one that requires the correct tools and know-how. 

Raw data on its own is like crude oil. It’s not valuable until it has been analyzed, processed and refined. Until now, many companies have neglected this process of refinement and stockpiled ‘crude’ data. GDPR changes this, and forces business to approach data with the mentality of ‘what are the businesses problems we’re trying to solve?’ rather than ‘if we can store it, we might as well’.

Analyzing data where it resides 
Once these challenges and opportunities have been defined, businesses need a platform built to access data where it resides. This immediately cuts down the number of steps required to start examining that data and delving into whether it’s actually useful or not. 

With many traditional data analytics tools, analysts are forced to extract data into a proprietary analytics engine or save it on local machines. As more and more businesses are storing their data within platforms such as AWS S3 or Google Cloud Storage, the tools that exist to examine and query that data without moving from those sources will eliminate further data sprawl – critical to achieving long-term compliance.  

Harnessing best-in-class databases 
Today’s databases, whether hosted on-premise or in the cloud, offer a huge number of options for securing data. Cloud providers maintain a wealth of compliance certifications, as well as advanced testing programs to detect suspicious activity and keep systems updated to safeguard against the latest vulnerabilities.

Ensuring you work with a platform that has built-in integration with these applications means that you won’t need to move data from where it belongs, maintaining protection from enterprise-grade secure perimeters.

By containing your data, relying on world-class database services and performing analytics without extracting data from where it resides, you’ll be setting your business up for GDPR compliance, while also enabling analytics to deliver real, tangible business insights. 

Finally, the companies that embrace GDPR and the vision behind it - and communicate its prevalence to their customers - will reap the most rewards. Those that truly live its values of confidentiality, openness, trust and security will see significantly improved customer relationships.

A culture and operational process that embraces transparency breeds trust and competitive advantage. IT teams have the potential to reshape an organization’s ethos to achieve just that.  

What’s Hot on Infosecurity Magazine?