Unstructured Data -- What It Means for GDPR Compliance
Back in January of 2012, the first proposals of the European Union General Data Protection Regulation (GDPR) were released, and after years of negotiating it finally becomes enforceable this Friday, May 25, 2018. Despite the long road to enforcement, many organizations that fall within the regulation are still dangerously unprepared for the technical changes to customer-business interactions that are necessary in order to comply.
A Quick Look at GDPR
Given the substantial buzz around GDPR, and massive fines, there’s a good chance you know the basics of the regulation. In the event that you have been putting GDPR education on the backburner, here are some fast facts you need to know:
GDPR was developed to protect all EU citizens from privacy and data breaches in our data-driven world
It applies to all companies processing personal data of citizens or individuals residing in the EU, regardless of company location
Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater)
Request for consent must be presented in an easily accessible form, outlining the purpose for data processing and with an easy way to withdraw consent
Companies are now mandated to send breach notifications within 72 hours of becoming aware of a security incident
And possibly the most difficult data right to enforce is the right to be forgotten. That means if a customer asks for their data to be erased, organizations must be able to find and completely wipe out the entire record. Which brings us to the focus of today’s blog -- unstructured data.
The Risks of Unstructured Data in the GDPR Era
Unstructured data, or data that aren’t stored in a fixed record length format, are estimated to make up over 80% of enterprise data. Decades ago this might not have been a problem, but in our current data-driven environment we’ve become data hoarders, and it may be time to condemn our storage before it threatens our safety.
Under the rule of GDPR, it will be a costly mistake to have data that has been forgotten, ignored, and kept in an unstructured state. If a customer decides they would like to enact their right to be forgotten, that won’t even be technically possible if all data isn’t categorized and analyzed so it is searchable and retrievable.
Danger Lurking in the 80%
From a business perspective, many may think that GDPR doesn’t apply to them. However, you must consider the ramifications of that assumption. Are you prepared to pay crippling fines because you would prefer to just buy more storage than to address the unstructured data problem? Given that 80% of your company’s data is unmanaged and unknown, there could be personally identifiable information of EU citizens resting in your storage, waiting to be compromised in the next data breach.
Gain Visibility Into Data with Baseline Assessments
While GDPR might be the catalyst for organizations taking responsibility for their data hoarding problems, there are significant benefits to bringing dark data into the light. With visibility and data baseline assessments, data can be scanned to identify risks, and filters can be added to find GDPR-applicable data.
Assessments help you:
Know what data you have
Categorize your data into the right buckets
Determine what security mechanisms you need to protect the data and know when you’ve been breached
Determine realistic storage requirements, avoiding over-provisioning and overspending
Empower business decisions and improve business agility
Face the Security Breach Reality
GDPR is multifaceted, which means you cannot just buy a technology or manage your data and be compliant. As the occurrences of data breaches steadily rise, it’s not just about knowing your data, but also extending perimeter protections and empowering security with insights in order to protect both unstructured and structured data from being breached.
We don’t know when the first round of GDPR fines will happen, but we’re confident that between now and then, there will be a multitude of records compromised. All organizations, regardless of compliance standards, that want to ensure financial strength and operational efficiency should consider using technologies to safeguard data, including multi-factor authentication (MFA) so you know who is accessing your data, user and entity behavior analytics (UEBA) to help spot any anomalies with data handling, and next generation firewalls to block and mitigate inevitable threats.
Start Taming the Data
At Edgeworx Solutions, we provide a variety of assessments so that our clients can finally identify issues, visualize ecosystems end-to-end, and translate the intelligence into technology deployments that support overall business goals. Whether you need to work towards GDPR compliance or you’re just tired of being shackled by unstructured data, our experts can help. Give us a call at +1.647.793.4731!