Danger Zone: How Big is Your GDPR Blind Spot?
Authored by Niamh Walsh, Sales & Marketing Director, Advanced Metadata
A blind spot in a car is considered to be a location in your viewpoint for which you don’t have a direct view. Knowing the location of your car’s blind spot is an essential part of safe driving and the blind spot is different for every model of car. Similarly, the new General Data Protection Regulation (GDPR) that will be coming into place on May 25th, 2018 present some potential “blind spots” for companies in terms of protecting customer data. Identifying the blind spots in your organization’s GDPR compliance model is of vital importance and—much like the blind spot in varying car models—it differs for every organization. When looking for your company’s GDPR blind spot you need to ask yourself a few questions:
- How do you measure your organization’s GDPR readiness and define the milestones to address the identified gaps?
- How does your organization know with certainty what data they have, where it is, and who is accessing it?
- How can your organization calculate their data compliance ratio with accuracy if the data is not validated against specific, relevant, GDPR principles?
- And what about the future? Is there a sustainable plan for ongoing regulatory compliance after May 2018?
Unless these blind spots have been eliminated, your company may be at risk of violating GDPR regulations, which can lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.
GDPR Regulations: Why Is It So Difficult?
To better understand their data—where it is, who has access to it and how it’s being used— many organisations are relying on static documents, manual processes, or point solutions. This makes it difficult to establish a holistic view of all in-scope data across the enterprise.
Additionally, they are too reliant on top-down assessments or generic evaluations to calculate compliance ratios. By doing so, data is not validated against the specific, relevant, GDPR principles and therefore there is no guarantee of accuracy.
Last, their assessments are not actionable, meaning while they can help with identifying gaps, IT won’t be able to close those gaps by taking direct control of the actual data.
In the effort to move towards compliance by May 25th, 2018, organizations must overcome these challenges by implementing an ongoing data governance model that is operationalized and cost-effective.
Getting a Better View of Your Blind Spots
Advanced Metadata is a software solution provider partnering with Talend to enable businesses with insight and assessments to start preparing for GDPR laws. Advanced Metadata has designed a survey to help companies self-assess data privacy practices so they can evaluate their GDPR readiness in less than 20 min. The survey then generates a dashboard highlighting the main gaps and related risks and recommendations to solve these issues.
Customers need simply connect to talend.gdprevaluation.com, analyze the results and download them in a pdf or PowerPoint format to share with internal teams. In the example below, high-risk for non-compliance has been identified on five GDPR principles using the self-assessment.
Once the survey has been completed, companies know where they are and where they need to go in order to become compliant. But one key question will remain: Is your data ready?
At Advanced Metadata, we leverage Talend technology together with own intellectual property to take a holistic view of our customer’s data. To bring this granular, accurate and complete view of a company’s data, we apply our approach directly to the raw data, or a sample of it, and stress test it against specific GDPR principles.
Reg Tech 5-Stage Methodology
Let’s see this Reg Tech platform in action for a central bank in Europe who had two major areas of concern on their way to GDPR compliance: the principle of Storage Limitation and the ability of the Bank to respond to Subject Access Requests.
The Reg Tech Compliance platform enforces compliance using the Reg Tech 5-Stage methodology:
- Data governance mapping allows Advanced Metadata to visually recreate the organizational map of the bank; outlining the relationships between departments and entities for a complete understanding of its data stewardship and governance policies.
- Data discovery helps discover the different datasets, both structured and unstructured, and put the lights on their usage of personal data.
- Data quality management, leveraging the Talend Data Fabric unified platform embedded in Reg Tech, established data integration and quality controls to reconcile those disparate data and provide lineage and traceability across data flows.
- Through Data Rules Analysis, decision and data quality controls could be settled based on a knowledge base with domain-specific use cases for GDPR. The Reg Tech pre-configured rules engine validates the data against GDPR principles and internal business rules, allowing IT departments to quickly identify compliance gaps.
- Data Reporting delivered via dashboard insights and reports to highlight areas of risks together with remediation recommendations to close the GDPR compliance gaps.
Note that this approach goes well beyond the initial assessment aimed at framing the problem. It brings the foundations for a compliance platform that delivers continuous, automated, data governance.
From insight to action
GDPR goes beyond establishing rules-based controls, monitoring dashboards, and whistle blowers for compliance. You then need a modern data platform to get an always up to date view of your data points and data flows; capture, reconcile and propagate data across your system; anonymize and minimize your data when personal data shouldn’t explicitly appear; engage lines of business for accountability; or deliver on the right of the subject such as the right of accessibility, rectification, right to be forgotten or data portability.
This is the reason why we have chosen to partner with Talend while designing our GDPR Consultant Toolkit. In addition to the data integration and quality capabilities that Talend add to our toolkit, we know that everything done during the design and assessment phase can then be operationalized at scale using the Talend Data Fabric platform.
Take the compliance eye test today at talend.gdprevaluation.com
Get started with this GDPR assessment and it will help you identify and prioritize key areas of risk.
For more information visit the Advanced Metadata website at http://www.advancedmetadata.com/ and the Talend GDPR solution page at https://www.talend.com/solutions/data-protection-gdpr-compliance/ .