[GDPR Step 14] How to Govern the Lifecycle of Information

The General Data Protection Regulation (GDPR), introduced by the European Union (EU), took effect on May 25, 2018. With the introduction of the GDPR, organizations need to manage the lifecycle of personal information on data subjects, right from when data was created until it needs to be removed.

We recently hosted an on-demand webinar, Practical Steps to GDPR Compliance, that focuses on a comprehensive 16-step plan to operationalize a data governance program that supports GDPR compliance.

Governing the lifecycle of information—a process formally called “information lifecycle management”—is Step 14 in this plan. To learn more about the first thirteen steps, check out the links in the sidebar!

GDPR’s Impact on Information Lifecycle Management (ILM)

Information lifecycle management (ILM) oversees and maintains data from creation to disposal. ILM helps optimize the value of data, lower maintenance costs, and cut compliance risks.

Here are a few GDPR articles that necessitate ILM:

In essence, these GDPR articles mean that every organization needs the means to provide accurate data anytime the customer wants to access, remove, or rectify his or her information.

Using Talend for Information Lifecycle Management

Data governance teams need to establish mechanisms that allow data subjects to request the erasure of their data. They must also establish operational controls so that such requests are reviewed and acted upon in a timely manner.

Talend Data Services can help organizations provide a GDPR service on their websites, exposing data access points to meet the rights of data subjects, including the right of access, right of rectification, and right to be forgotten. Through Talend Data Integration (see Figure 1), data can be automatically and safely extracted and rendered in a machine-readable format to meet the right to data portability.

Figure 1: Complying with the right to data portability with Talend Data Integration.

Talend Metadata Manager provides a repository, which is key to quickly identifying all the places where a person’s data resides within the organization or its processors. It is vital to map each critical data element (CDE) to where it occurs in source systems. The challenge is that businesses typically know their customers and employees in many different contexts. For example, an airline may have information about a customer scattered across Twitter, passenger records, and frequent flier accounts.

Talend Big Data and Talend Master Data Manager embed native data quality to match disparate data, helping the business understand that John Smith is the same person as jsmith@widgets.com and @JohnSmith. Once reconciled in the unified data flow, Talend Metadata Manager can visually show the end-to-end information supply chain (see Figure 2) and use it as the foundation to assign related roles and responsibilities for data governance and stewardship.

Figure 2: Creating a data inventory for compliance with Talend Metadata Manager.

Next Steps to Governing the Lifecycle of Information

While governing the lifecycle of information, organizations need to be all-encompassing, covering data and metadata, as well as physical and digital footprints in the organization’s repositories. Talend tools enable the consolidation of data fragmented across systems to make it easily available for data subjects.

The next step of Talend’s comprehensive 16-step plan to achieve GDPR compliance is setting up data sharing agreements.

← Step 13  |  Step 15 →

Ready to get started with Talend?