Story image

Why a data consolidation strategy is the best approach to GDPR compliance

06 Jun 18

Article by Peter O’Connor, Vice President of Sales Asia Pacific, Snowflake Computing

As organisations around the world strive to comply with the European Union’s new General Data Protection Regulation (GDPR), many are realising they need a new approach to managing their data stores.

GDPR is designed to protect the privacy of all European citizens by requiring businesses operating within EU borders to have strict data security and privacy conditions in place. Businesses must be able to track and trace sensitive data and determine how it is processed and stored across their entire information supply chain.

When it comes to complying with these requirements, one of the key challenges faced by many organisations stems from the fact that customer data is spread across a range of different locations.

Some records might be held in a central CRM system within a corporate data centre while other data could be stored within a cloud platform or on servers in satellite offices.

In the course of everyday business activity, these data stores might also be replicated numerous times.

For example, a marketing team could create a fresh copy of a customer database to support a new marketing campaign. Meanwhile, a finance team might copy records to support an audit process or the IT department create a copy to test new processing algorithms.

As a result, an organisation may have no clear method of understanding exactly where customer data is being held and for what it is being used. This makes achieving compliance with GDPR a daunting prospect. 

As well as the requirements for strict data security, the GDPR laws also give European citizens the ‘right to be forgotten’. This means a company must be able to delete any personal data from their systems should a request be made.

When that data is spread across multiple platforms and locations, this task becomes difficult if not impossible.

Consolidation is the key

For most organisations, the only way to effectively comply with GDPR is to adopt a strategy of data consolidation.

Rather than having multiple data stores and copies of customer information, a single store should be created that can then be used by multiple groups as required.

This approach effectively decouples data from the processes that are making use of it. Rather than having individual stores to support individual applications, each application can access the central store as required.

In this way, a single copy of all data remains in a centralised location.

As well as helping with compliance, undertaking data consolidation can also deliver significant business benefits. Rather than having to search through multiple data stores, senior managers can obtain a single version of the truth.

With one data store, analysis and reporting can be undertaken with the confidence that results are based on the most up-to-date data available.

Using a cloud data store

GDPR compliance can become even more challenging when a business needs to share customer data with external parties. These could include business partners, third-party vendors and service providers.

Traditionally, such sharing has often led to the third party retaining a copy of the data on its own internal systems. In these scenarios, GDPR compliance can be difficult as there may be no way to assess the levels of data protection that exist on those systems.

A better approach is to place the organisation’s central data store on a trusted cloud platform. From there it can be securely accessed as required and also be shared with trusted third parties.

The data remains on the cloud platform at all times, making legislative compliance much easier. When it comes to responding to a ‘right to be forgotten’ request, the data needs only to be removed from one place.

Follow a strategy

Creating a single, cloud-based data store in which all customer data resides is a goal that may seem insurmountable for many organisations.

Having grown their operations over years, they are faced with large numbers of existing stores that hold different data sets, in different formats and potentially in different geographic locations.

The first step in a consolidation strategy is to locate and document all data stores in use within the organisation.

This audit should cover all stored managed by the IT department as well as those that have been created by individual departments, groups and staff members.

A trusted cloud service provider should then be selected and a staged migration program undertaken. This process does not have to be completed overnight but should be gradually followed to ensure no disruption occurs to key business activities.

Once data has been successfully transferred to the cloud platform, local stores should be deleted and checks undertaken to ensure that all copies have also been removed.

This will allow senior managers to be confident that GDPR compliance has been achieved and can be maintained in coming years.

Rather than being a headache for organisations, GDPR can actually deliver some significant business benefits. Through the creation of a single, cloud-based data store, process efficiencies can be improved and operational costs reduced.

CSPs ‘not capable enough’ to meet 5G demands of end-users
A new study from Gartner produced some startling findings, including the lack of readiness of communications service providers (CSPs).
Atos launches new French data centre – more modules to come
Atos together with the Yvelines departmental Council has officially launched its new data centre in Les Clayes-sous-Bois, Yvelines.
EU cloud adoption rising, but still far from mainstream
Cloud adoption is surging among some European Union (EU) nations but it still has a way to go to becoming commonplace across the board
Industry cloud market forecast for ‘unusual’ growth
The market for industry cloud solutions is in good stead with that growth showing little signs of slowing.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Dell dominates enterprise storage market, HPE declines
The enterprise storage system market continues to be a goldmine for most vendors with demand relentlessly rising year-on-year.