[GDPR Step 14] How to Govern the Lifecycle of Information
The General Data Protection Regulation (GDPR), introduced by the European Union (EU), took effect on May 25, 2018. With the introduction of the GDPR, organizations need to manage the lifecycle of personal information on data subjects, right from when data was created until it needs to be removed.
We recently hosted an on-demand webinar, Practical Steps to GDPR Compliance, that focuses on a comprehensive 16-step plan to operationalize a data governance program that supports GDPR compliance.
Governing the lifecycle of information—a process formally called “information lifecycle management”—is Step 14 in this plan. To learn more about the first thirteen steps, check out the links in the sidebar!
GDPR’s Impact on Information Lifecycle Management (ILM)
Information lifecycle management (ILM) oversees and maintains data from creation to disposal. ILM helps optimize the value of data, lower maintenance costs, and cut compliance risks.
Here are a few GDPR articles that necessitate ILM:
In essence, these GDPR articles mean that every organization needs the means to provide accurate data anytime the customer wants to access, remove, or rectify his or her information.
Using Talend for Information Lifecycle Management
Data governance teams need to establish mechanisms that allow data subjects to request the erasure of their data. They must also establish operational controls so that such requests are reviewed and acted upon in a timely manner.
Talend Data Services can help organizations provide a GDPR service on their websites, exposing data access points to meet the rights of data subjects, including the right of access, right of rectification, and right to be forgotten. Through Talend Data Integration (see Figure 1), data can be automatically and safely extracted and rendered in a machine-readable format to meet the right to data portability.
Figure 1: Complying with the right to data portability with Talend Data Integration.
Talend Metadata Manager provides a repository, which is key to quickly identifying all the places where a person’s data resides within the organization or its processors. It is vital to map each critical data element (CDE) to where it occurs in source systems. The challenge is that businesses typically know their customers and employees in many different contexts. For example, an airline may have information about a customer scattered across Twitter, passenger records, and frequent flier accounts.
Talend Big Data and Talend Master Data Manager embed native data quality to match disparate data, helping the business understand that John Smith is the same person as jsmith@widgets.com and @JohnSmith. Once reconciled in the unified data flow, Talend Metadata Manager can visually show the end-to-end information supply chain (see Figure 2) and use it as the foundation to assign related roles and responsibilities for data governance and stewardship.
Figure 2: Creating a data inventory for compliance with Talend Metadata Manager.
Next Steps to Governing the Lifecycle of Information
While governing the lifecycle of information, organizations need to be all-encompassing, covering data and metadata, as well as physical and digital footprints in the organization’s repositories. Talend tools enable the consolidation of data fragmented across systems to make it easily available for data subjects.
The next step of Talend’s comprehensive 16-step plan to achieve GDPR compliance is setting up data sharing agreements.
← Step 13 | Step 15 →
More related articles
- Pillars to GDPR Success (2 of 5): Data Capture and Integration
- Pillars to GDPR Success (4 of 5): Self-Service Curation and Certification
- Pillars to GDPR Success (3 of 5): Anonymize and Pseudonymize for Data Protection with Data Masking
- Pillars to GDPR Success (5 of 5): Data Access and Portability
- Preparing for GDPR
- Pillars to GDPR Success (1 of 5): Data Classification and Lineage
- PCI DSS: Definition, 12 Requirements, and Compliance
- [GDPR Step 15] How to Set Up Data Sharing Agreements
- [GDPR Step 16] How to Enforce Compliance with Controls
- [GDPR Step 13] How to Manage End-User Computing
- [GDPR Step 11] How to Stitch Data Lineage
- [GDPR Step 09] How to Conduct Vendor Risk Assessments
- [GDPR Step 12] How to Govern Analytical Models
- [GDPR Step 10] How to Improve Data Quality
- [GDPR Step 08] How to Conduct Data Protection Impact Assessments
- [GDPR Step 07] How to Establish Data Masking Standards
- [GDPR Step 3] How to Confirm Data Owners
- [GDPR Step 06] How to Define Acceptable Use Standards for GDPR
- [GDPR Step 2] The Importance of Creating Data Taxonomy
- [GDPR Step 4] How to Identify Critical Datasets and Critical Data Elements
- What is Data Portability?
- [GDPR Step 01] How to Develop Policies, Standards, and Controls
- What is Data Privacy?
- [GDPR Step 5] How to Establish Data Collection Standards