Data Center Journal

VOLUME 55 | APRIL 2018

Issue link: https://cp.revolio.com/i/964464

Contents of this Issue

Navigation

Page 12 of 20

10 | THE DATA CENTER JOURNAL www.datacenterjournal.com T he Global Data Protection Regulation (GDPR) is de- signed to answer that call, and it's one of the most significant regulations designed for this new data age. e GDPR is a broad, complex regula- tion that addresses how organizations capture, control and process personal information. e regulation, ratified by e European Commission in April 2016 and ready to go into effect in May 2018, applies to any company inside or outside the European Union that offers goods and services to EU residents. Any organization that con- ducts business in the EU and collects personal data must comply with this regulation. What's significant about this regu- lation is its scope. e GDPR strength- ens privacy laws, giving individuals greater control over which entities have their data, and how it will be used. e GDPR shouldn't be taken lightly. Organizations are expected to be 100% compliant immediately fol- lowing its implementation. Regulators will issue large fines for noncompli- ance: up to 2–4% of global revenue, not to mention potential corporate reputational damage that results from losing customers' trust. Despite the threat of such penalties, industry ana- lyst Gartner predicts that more than 50 percent of companies affected by the regulation won't be in full compliance by the end of 2018. Although complying with all 99 articles of the regulation is daunting and expensive, organizations should use the GDPR as a catalyst to mod- ernize their data strategies and as a platform to launch broader privacy efforts. Protecting and securing data is about establishing the right processes around your data and making that data transparent, where necessary, across the organization. GDPR: ALL ABOUT THE DATA To ensure GDPR compliance, an organization must be able to answer three crucial questions and show proof of those answers: • Where is my data? • Who is responsible for that data? • How and why am I processing that data? Complying with the GDPR requires a new approach and new tools for data protection and privacy. Manual approaches, Excel spreadsheets and bolt-on IT systems are insuffi- cient. Data governance can provide the answers an organization needs to begin addressing the complex issues sur- rounding GDPR compliance. It offers a framework for managing and defin- ing enterprise-wide policies, business rules and data assets to provide the necessary level of data protection and quality. is capability is important in meeting GDPR requirements, such as "privacy by design." A good governance program al- lows an organization to fully under- stand its data landscape. With data governance, organizations gain clarity regarding what data they have and who owns it. is clarity makes it easier to report on data, a critical requirement of regulators. When you can find, understand and trust data, you can provide the evidence that regulators need to prove compliance. is ability to report on data is incredibly important when it comes to one of the biggest challenges the GDPR poses: breach notifications. Data breaches are a growing concern for both business and individuals. In fact, IDC predicts that by 2020, data breach- es will affect nearly 25% of the world's population. Under the GDPR, compa- nies must report certain data breaches no later than 72 hours following the occurrence. Without the appropriate context regarding their data, organiza- tions simply can't provide answers to regulators' most critical questions. CREATING A LONG-TERM DATA STRATEGY Data governance can be the foundation of a long-term data strategy that helps an organization not only the meet the current requirements of the GDPR and other regulations, but also quickly adapt to future regulations. The GDPR shouldn't be taken lightly. Organizations are expected to be 100% compliant immediately following its implementation. Regulators will issue large fines for noncompliance: up to 2–4% of global revenue, not to mention potential corporate reputational damage that results from losing customers' trust.

Articles in this issue

Links on this page

Archives of this issue

view archives of Data Center Journal - VOLUME 55 | APRIL 2018