[GDPR Step 16] How to Enforce Compliance with Controls
The General Data Protection Regulation (GDPR), introduced by the European Union (EU), took effect on May 25, 2018. The regulation harmonizes data protection regulations and policies. It also offers organizations a detailed guideline on what aspects of data governance to focus on in order to protect the personal data of subjects, and enforces it by imposing heavy fines in case of non-compliance.
If your organization is affected by the GDPR, Talend helps with the “how” part (i.e., the implementation of the various GDPR articles). Recently, we hosted an on-demand webinar, Practical Steps to GDPR Compliance, focusing on a comprehensive 16-step plan to operationalize a data governance program that supports GDPR compliance.
Enforcing compliance with GDPR controls is the final step in this plan. To learn more about the previous fifteen steps, check out the links in the sidebar!
Enforcing GDPR Compliance
In each of the previous steps, we discussed various facets of GDPR implementation such as creating a data taxonomy, establishing data collection and acceptable use standards, tracking data lineage, and so on.
The final step aims to bring all these together by taking the program from the concept to the execution stage. In Step 1—developing policies and standards—we discussed a few important GDPR articles, and what they mean to organizations and their approaches to personal data protection. The objective of Step 1 is for the data governance team to establish a framework for GDPR controls.
In the following steps, we illustrated at a more detailed level of the different topics to be addressed within the data governance framework, and how to implement the related controls and audit trails.
This last step is about putting those controls into operation and maintaining them on an on-going basis as the data landscape and/or data regulations evolve. This is a collaborative effort that the data governance team has to orchestrate in conjunction with legal, privacy, and compliance. The objective is to ensure continued commitment to the GDPR, and create a culture and mindset among teams to adhere to the spirit of the regulation.
Mapping Controls to the GDPR Articles
GDPR controls are a key component of an overall framework to support regulatory compliance. They ensure that every article relating to EU personal data is not just written on paper, but that it also translates to specific action steps. Table 1 maps appropriate GDPR controls to sample articles, and also lists the corresponding Talend tools that enable implementation of the regulation in practice.
Table 1: Mapping of GDPR Controls and Talend Tools to the GDPR Articles.
For example, Article 30 of the GDPR requires organizations to maintain a record of processing activities. The GDPR control that helps comply with this article is to track data lineage (where data comes, where it flows, and where it ends up). Talend Metadata Manager supports data lineage across multiple platforms. As the complete data landscape is defined in the product, the data flows and dependencies are graphically and automatically presented to the user.
Data governance teams need to look carefully at their existing programs and determine if and how it can be reused or modified to comply with the new regulation.
Talend has a powerful and diverse product portfolio that can cater to every item in the 16-step plan to GDPR compliance. We recommend that you evaluate the different tools available and explore how they help.
Products such as Talend Big Data, Talend Metadata Manager, Talend MDM, and Talend Data Quality, along with self-servicing apps such as Talend Data Preparation and Talend Data Stewardship can drive toward your GDPR goals much faster and in a more efficient manner. These automation products also ensure that organizations never take their foot off the pedal, enforcing compliance even as personal data definitions change.
Ready to get started with Talend?
More related articles
- Pillars to GDPR Success (2 of 5): Data Capture and Integration
- Pillars to GDPR Success (4 of 5): Self-Service Curation and Certification
- Pillars to GDPR Success (3 of 5): Anonymize and Pseudonymize for Data Protection with Data Masking
- Pillars to GDPR Success (5 of 5): Data Access and Portability
- Preparing for GDPR
- [GDPR Step 14] How to Govern the Lifecycle of Information
- Pillars to GDPR Success (1 of 5): Data Classification and Lineage
- PCI DSS: Definition, 12 Requirements, and Compliance
- [GDPR Step 15] How to Set Up Data Sharing Agreements
- [GDPR Step 13] How to Manage End-User Computing
- [GDPR Step 11] How to Stitch Data Lineage
- [GDPR Step 09] How to Conduct Vendor Risk Assessments
- [GDPR Step 12] How to Govern Analytical Models
- [GDPR Step 10] How to Improve Data Quality
- [GDPR Step 08] How to Conduct Data Protection Impact Assessments
- [GDPR Step 07] How to Establish Data Masking Standards
- [GDPR Step 3] How to Confirm Data Owners
- [GDPR Step 06] How to Define Acceptable Use Standards for GDPR
- [GDPR Step 2] The Importance of Creating Data Taxonomy
- [GDPR Step 4] How to Identify Critical Datasets and Critical Data Elements
- What is Data Portability?
- [GDPR Step 01] How to Develop Policies, Standards, and Controls
- What is Data Privacy?
- [GDPR Step 5] How to Establish Data Collection Standards