IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Why a data consolidation strategy is the best approach to GDPR compliance
Wed, 6th Jun 2018

As organisations around the world strive to comply with the European Union's new General Data Protection Regulation (GDPR), many are realising they need a new approach to managing their data stores.

GDPR is designed to protect the privacy of all European citizens by requiring businesses operating within EU borders to have strict data security and privacy conditions in place. Businesses must be able to track and trace sensitive data and determine how it is processed and stored across their entire information supply chain.

When it comes to complying with these requirements, one of the key challenges faced by many organisations stems from the fact that customer data is spread across a range of different locations.

Some records might be held in a central CRM system within a corporate data center while other data could be stored within a cloud platform or on servers in satellite offices.

In the course of everyday business activity, these data stores might also be replicated numerous times.

For example, a marketing team could create a fresh copy of a customer database to support a new marketing campaign. Meanwhile, a finance team might copy records to support an audit process, or the IT department might create a copy to test new processing algorithms.

As a result, an organisation may have no clear method of understanding exactly where customer data is being held and for what it is being used. This makes achieving compliance with GDPR a daunting prospect.

As well as the requirements for strict data security, the GDPR laws also give European citizens the ‘right to be forgotten’. This means a company must be able to delete any personal data from its systems should a request be made.

When that data is spread across multiple platforms and locations, this task becomes difficult if not impossible.

Consolidation is the key

For most organisations, the only way to effectively comply with GDPR is to adopt a strategy of data consolidation.

Rather than having multiple data stores and copies of customer information, a single store should be created that can then be used by multiple groups as required.

This approach effectively decouples data from the processes that are making use of it. Rather than having individual stores to support individual applications, each application can access the central store as required.

In this way, a single copy of all data remains in a centralised location.

As well as helping with compliance, undertaking data consolidation can also deliver significant business benefits. Rather than having to search through multiple data stores, senior managers can obtain a single version of the truth.

With one data store, analysis and reporting can be undertaken with the confidence that results are based on the most up-to-date data available.

Using a cloud data store

GDPR compliance can become even more challenging when a business needs to share customer data with external parties. These could include business partners, third-party vendors and service providers.

Traditionally, such sharing has often led to the third party retaining a copy of the data on its own internal systems. In these scenarios, GDPR compliance can be difficult as there may be no way to assess the levels of data protection that exist on those systems.

A better approach is to place the organisation's central data store on a trusted cloud platform. From there it can be securely accessed as required and also be shared with trusted third parties.

The data remains on the cloud platform at all times, making legislative compliance much easier. When it comes to responding to a ‘right to be forgotten’ request, the data needs only to be removed from one place.

Follow a strategy

Creating a single, cloud-based data store in which all customer data resides is a goal that may seem insurmountable for many organisations.

Having grown their operations over years, they are faced with large numbers of existing stores that hold different data sets, in different formats and potentially in different geographic locations.

The first step in a consolidation strategy is to locate and document all data stores in use within the organisation.

This audit should cover all stores managed by the IT department as well as those that have been created by individual departments, groups and staff members.

A trusted cloud service provider should then be selected and a staged migration program undertaken. This process does not have to be completed overnight but should be gradually followed to ensure no disruption occurs to key business activities.

Once data has been successfully transferred to the cloud platform, local stores should be deleted and checks undertaken to ensure that all copies have also been removed.

This will allow senior managers to be confident that GDPR compliance has been achieved and can be maintained in coming years.

Rather than being a headache for organisations, GDPR can actually deliver some significant business benefits. Through the creation of a single, cloud-based data store, process efficiencies can be improved and operational costs reduced.