The General Data Protection Regulation (GDPR), introduced by the European Union (EU), took effect on May 25, 2018. With the introduction of the GDPR, organizations need to manage the lifecycle of personal information on data subjects, right from when data was created until it needs to be removed.
Governing the lifecycle of information—a process formally called “information lifecycle management”—is Step 14 in this plan. To learn more about the first thirteen steps, check out the links in the sidebar!
How to Govern the Lifecycle of Information [GDPR Step 14] now.
GDPR’s Impact on Information Lifecycle Management (ILM)
Information lifecycle management (ILM) oversees and maintains data from creation to disposal. ILM helps optimize the value of data, lower maintenance costs, and cut compliance risks.
Here are a few GDPR articles that necessitate ILM:
- Article 17 of the GDPR provides for the right to erasure, commonly known as the “right to be forgotten.” Data subjects may require companies to erase their personal data in a number of situations, including when the information is no longer necessary for the original purpose for which it was collected.
- Article 16 requires companies to rectify inaccurate personal information and to complete any missing personal data without undue delay (“right of rectification”). To comply with this article, companies need to address any data quality issues relating to the personal information of data subjects. Also, data that has become fragmented across multiple systems need to be reconciled to provide a consistent view to the customer.
- Article 15 and Article 20 concern “right to access” and “right to data portability,” respectively. Data subjects can request all their data in a machine-readable format and details on how their data is processed.
In essence, these GDPR articles mean that every organization needs the means to provide accurate data anytime the customer wants to access, remove, or rectify his or her information.
Using Talend for Information Lifecycle Management
Data governance teams need to establish mechanisms that allow data subjects to request the erasure of their data. They must also establish operational controls so that such requests are reviewed and acted upon in a timely manner.
Talend Data Services can help organizations provide a GDPR service on their websites, exposing data access points to meet the rights of data subjects, including the right of access, right of rectification, and right to be forgotten. Through Talend Data Integration (see Figure 1), data can be automatically and safely extracted and rendered in a machine-readable format to meet the right to data portability.
Figure 1: Complying with the right to data portability with Talend Data Integration
Talend Metadata Manager provides a repository, which is key to quickly identifying all the places where a person’s data resides within the organization or its processors. It is vital to map each critical data element (CDE) to where it occurs in source systems. The challenge is that businesses typically know their customers and employees in many different contexts. For example, an airline may have information about a customer scattered across Twitter, passenger records, and frequent flier accounts.
Talend Big Data and Talend Master Data Manager embed native data quality to match disparate data, helping the business understand that John Smith is the same person as firstname.lastname@example.org and @JohnSmith. Once reconciled in the unified data flow, Talend Metadata Manager can visually show the end-to-end information supply chain (see Figure 2) and use it as the foundation to assign related roles and responsibilities for data governance and stewardship.
Figure 2: Creating a data inventory for compliance with Talend Metadata Manager
Next Steps to Governing the Lifecycle of Information
While governing the lifecycle of information, organizations need to be all-encompassing, covering data and metadata, as well as physical and digital footprints in the organization’s repositories. Talend tools enable the consolidation of data fragmented across systems to make it easily available for data subjects.
To learn more about this, and see all 16 steps together, don’t miss the on-demand webinar, Practical Steps to GDPR Compliance. The video covers information on developing standards and controls, identifying data owners and critical data elements, conducting risk assessments, improving data quality, and more.