Surprisingly, even with all the talks and events circulating with regard to the ‘looming’ GDPR, a lot of companies that we talk to have no plans in place to address the strict regulations. Even more surprising is that we still hear ‘what’s that?’ when we mention the all-encompassing data regulations. May 25th 2018 is ages away, we have plenty to time to get organised. The truth is that GDPR is already enacted and it is now we need to get our house in order, not 6 months before the fines start kicking in.
Unstructured data has always been difficult to track and monitor, never more so than in today’s world, where we would rather buy more storage than to even attempt to sort the nightmare that is unstructured data. To quote the Parkinson’s Law corollary, ‘Data expands to fill the space available for storage’. In my opinion, one of the first steps to take should be to delete data that is no longer relevant or required. If you don’t have it, you don’t need to worry about it. Far too many companies are holding on to data that they do not need which has the dual disadvantages of expensive storage and also the time and effort to properly manage and protect.
For data that is required to be kept, it is imperative that is managed correctly. Having sensitive data, ie. personal data, PCI data, HIPPA data etc., is not the problem in itself but can you tell where this data resides on your repositories? Can you show an auditor at short notice who has permissions to access who has permissions to access this data and furthermore who has accessed this data? If the answer to any of these questions is no, be worried! The time to start implementing solutions is now if you have not already started. Asystec has the vast experience in implementing data solutions and have a dedicated data governance team.