In light of recent, high-profile data breaches, it’s past time we re-examined strategic data governance and its role in managing regulatory requirements.
News broke earlier this week of British Airways being fined 183 million pounds – or $228 million – by the U.K. for alleged violations of the European Union’s General Data Protection Regulation (GDPR). While not the first, it is the largest penalty levied since the GDPR went into effect in May 2018.
Given this, Oppenheimer & Co. cautions:
“European regulators could accelerate the crackdown on GDPR violators, which in turn could accelerate demand for GDPR readiness. Although the CCPA [California Consumer Privacy Act, the U.S. equivalent of GDPR] will not become effective until 2020, we believe that new developments in GDPR enforcement may influence the regulatory framework of the still fluid CCPA.”
With all the advance notice and significant chatter for GDPR/CCPA, why aren’t organizations more prepared to deal with data regulations?
In a word? Complexity.
The complexity of regulatory requirements in and of themselves is aggravated by the complexity of the business and data landscapes within most enterprises.
So it’s important to understand how to use strategic data governance to manage the complexity of regulatory compliance and other business objectives …
Designing and Operationalizing Regulatory Compliance Strategy
It’s not easy to design and deploy compliance in an environment that’s not well understood and is difficult to maneuver in. First you need to analyze and design your compliance strategy and tactics, and then you need to operationalize them.
Modern, strategic data governance, which involves both IT and the business, enables organizations to plan and document how they will discover and understand their data within context, track its physical existence and lineage, and maximize its security, quality and value. It also helps enterprises put these strategic capabilities into action by:
- Understanding their business, technology and data architectures and their inter-relationships, aligning them with their goals and defining the people, processes and technologies required to achieve compliance.
- Creating and automating a curated enterprise data catalog, complete with physical assets, data models, data movement, data quality and on-demand lineage.
- Activating their metadata to drive agile data preparation and governance through integrated data glossaries and dictionaries that associate policies to enable stakeholder data literacy.
Five Steps to GDPR/CCPA Compliance
With the right technology, GDPR/CCPA compliance can be automated and accelerated in these five steps:
- Catalog systems: Harvest, enrich/transform and catalog data from a wide array of sources to enable any stakeholder to see the interrelationships of data assets across the organization.
- Govern PII “at rest”: Classify, flag and socialize the use and governance of personally identifiable information regardless of where it is stored.
- Govern PII “in motion”: Scan, catalog and map personally identifiable information to understand how it moves inside and outside the organization and how it changes along the way.
- Manage policies and rules: Govern business terminology in addition to data policies and rules, depicting relationships to physical data catalogs and the applications that use them with lineage and impact analysis views.
- Strengthen data security: Identify regulatory risks and guide the fortification of network and encryption security standards and policies by understanding where all personally identifiable information is stored, processed and used.
How erwin Can Help
erwin is the only software provider with a complete, metadata-driven approach to data governance through our integrated enterprise modeling and data intelligence suites. We help customers overcome their data governance challenges, with risk management and regulatory compliance being primary concerns.
However, the erwin EDGE also delivers an “enterprise data governance experience” in terms of agile innovation and business transformation – from creating new products and services to keeping customers happy to generating more revenue.
Whatever your organization’s key drivers are, a strategic data governance approach – through business process, enterprise architecture and data modeling combined with data cataloging and data literacy – is key to success in our modern, digital world.
If you’d like to get a handle on handling your data, you can sign up for a free, one-on-one demo of erwin Data Intelligence.
For more information on GDPR/CCPA, we’ve also published a white paper on the Regulatory Rationale for Integrating Data Management and Data Governance.
One reply on “Using Strategic Data Governance to Manage GDPR/CCPA Complexity”
Note is of great interest. Unfortunately I was unable to download the White Paper – I believe you have a “bug” in the identification function which says I didn’t answer all the questions but, in actuality, I had.