The General Data Protection Regulation (GDPR), introduced by the European Union (EU), took effect on May 25, 2018. The regulation harmonizes data protection regulations and policies. It also offers organizations a detailed guideline on what aspects of data governance to focus on in order to protect the personal data of subjects, and enforces it by imposing heavy fines in case of non-compliance.
If your organization is affected by the GDPR, Talend helps with the “how” part (i.e., the implementation of the various GDPR articles). Recently, we hosted an on-demand webinar, Practical Steps to GDPR Compliance, focusing on a comprehensive 16-step plan to operationalize a data governance program that supports GDPR compliance.
Enforcing compliance with GDPR controls is the final step in this plan. To learn more about the previous fifteen steps, check out the links in the sidebar!
Practical Steps to GDPR Compliance now.
Enforcing GDPR Compliance
In each of the previous steps, we discussed various facets of GDPR implementation such as creating a data taxonomy, establishing data collection and acceptable use standards, tracking data lineage, and so on.
The final step aims to bring all these together by taking the program from the concept to the execution stage. In Step 1—developing policies and standards—we discussed a few important GDPR articles, and what they mean to organizations and their approaches to personal data protection. The objective of Step 1 is for the data governance team to establish a framework for GDPR controls.
In the following steps, we illustrated at a more detailed level of the different topics to be addressed within the data governance framework, and how to implement the related controls and audit trails.
This last step is about putting those controls into operation and maintaining them on an on-going basis as the data landscape and/or data regulations evolve. This is a collaborative effort that the data governance team has to orchestrate in conjunction with legal, privacy, and compliance. The objective is to ensure continued commitment to the GDPR, and create a culture and mindset among teams to adhere to the spirit of the regulation.
Mapping Controls to the GDPR Articles
GDPR controls are a key component of an overall framework to support regulatory compliance. They ensure that every article relating to EU personal data is not just written on paper, but that it also translates to specific action steps. Table 1 maps appropriate GDPR controls to sample articles, and also lists the corresponding Talend tools that enable implementation of the regulation in practice.
Table 1: Mapping of GDPR Controls and Talend Tools to the GDPR Articles
For example, Article 30 of the GDPR requires organizations to maintain a record of processing activities. The GDPR control that helps comply with this article is to track data lineage (where data comes, where it flows, and where it ends up). Talend Metadata Manager supports data lineage across multiple platforms. As the complete data landscape is defined in the product, the data flows and dependencies are graphically and automatically presented to the user.
Data governance teams need to look carefully at their existing programs and determine if and how it can be reused or modified to comply with the new regulation.
Talend has a powerful and diverse product portfolio that can cater to every item in the 16-step plan to GDPR compliance. We recommend that you evaluate the different tools available and explore how they help.
Products such as Talend Big Data, Talend Metadata Manager, Talend MDM, and Talend Data Quality, along with self-servicing apps such as Talend Data Preparation and Talend Data Stewardship can drive toward your GDPR goals much faster and in a more efficient manner. These automation products also ensure that organizations never take their foot off the pedal, enforcing compliance even as personal data definitions change.
To learn more about how to do this, and see all 16 steps together, don’t miss the on-demand webinar, Practical Steps to GDPR Compliance. The video covers information on developing standards and controls, identifying data owners, identifying critical data elements, conducting risk assessments, improving data quality, and more.