Privacy Data Mismanagement Challenge
Jose Almeida
Data Consultant/Advisor | ???? ???? ???? ???? ???? ???? ???? | Data Strategy | Data Governance | Data Quality | Master Data Management | Remote/Onsite Consulting Services in EMEA
Data privacy and security are currently two high-profile topics, regulations are multiplying at national and international levels to define personal data and establish controls governing its maintenance and use, with growing enforcement of customer rights for appropriate data use.
Understanding that organizations gather more sensitive customer data to enable their services, in more applications, and in more locations than ever before, it is easy to conclude that data privacy and security are a challenge and must be among the top priorities.
In a context that is rapidly changing and with larger and larger volumes of data available - assuring that data is secured, and that all data protection regulations are respected is a priority, a critical challenge, and making data mismanagement a risk.
The Challenge
The risk of being non-compliant can mean negative publicity, damage to organizations’ reputations, and penalties. The requirements include that data be protected adequately, and when breaches do occur organizations must have notification capabilities in place that align with the regulation’s standards.
In the telecommunications and financial services industries, data is the ultimate battleground. Already under increasing pressure to meet regulatory demands and manage their business challenges, constantly evolving regulatory requirements, rising costs environment, pressure on profit margins, economic pressures, the challenge of satisfying the ever-increasing demands of customers and increased competition, they now face different data challenges.
For organizations that hold information for millions of customers on their systems keeping their personal information secure is already a challenge.
Compliance with these regulations is a massive task and there is no one size fits all solution.
It is no surprise that not all organizations are ready
Only organizations that know the what’s, where’s, how’s, who’s, when’s and why’s of its data, and take effective control of it, are able to minimize the risk and comply with the regulatory framework.
The most important step to compliance is to understand the data the organization holds. Across the organization, different departments, different systems will hold personal information.
Only after an organization has enough knowledge about its data, knowing it across the siloed ecosystem, being able to do full lineage of the data, and fully understand its life-cycle - can move to address data subject access rights, consent, breach response, data processing record keeping, and more.
Understanding what must be governed is the first step to governing it.
Data management
Data under the scope of data protection laws needs to be properly governed, allowing it to be easily located and managed, driving the implementation of robust data management solutions.
Data Governance
The goal of data governance is to ensure that an organization’s business objectives are accomplished, by guaranteeing that data is available as needed for business purposes, but also secure, private and in compliance with regulatory requirements. There is no one-size-fits-all approach to data governance and specially when organizations are being pressed to quickly adapt to the regulations - a more pragmatic and agile approach is paramount.
Master Data Management
MDM involves identifying your customer data, determining who accesses that data, creating a single view of the customer, and although it does not automatically make and organization compliant with the data protection laws, it easily accommodates the requirements to ensure compliance, as the right of rectification, erasure, consent or anonymization, enabling the full automation of these processes.
Metadata Management, Data Catalog, Data Lineage and Business Glossary
These are also critical components, ensuring the control of where and how data is found, how data elements relate to business terms, mapping and cataloguing sensitive and personal data.
Data Security
Data loss and breaches prevention is imperative, allowing to identify where data is located and how it is being used, it’s necessary to set-up a solutions that prevents unintentional loss or intentional theft of data, inappropriate exposure or unauthorized usage of such data, even when no loss or breach has occurred, but also breach detection and access control.
Also, it’s important to keep in mind that customers are losing their tolerance for data security failures and the awareness for these issues is growing, as some recent cases have shown (Cambridge Analytica or Facebook), and the probability to stop doing business with organizations that mishandle or are negligent data is greater than ever.
Business Processes
To ensure data is handled properly within the organization, changes in the existing business processes or even new processes need to be implemented, involving staff training, internal audits, and review of internal procedures.
This requires changes to various aspects of an organization’s structure and business objectives. Formal, well-planned, change management activities including internal communications, training, briefings, etc. are needed to ensure the success implementation of new data protection processes.
Data Minimalism
With more and more data is being accumulated across an organization’s multiple systems, data warehouses, data lakes, the more redundant and obsolete data is gathered, it is increasingly essential that all this data collection is consistently planned, creating strategies to make sure that the data being collected is being used, is clean and well managed.
This is critical when addressing customer data, especially in the light of the increasing regulations, and the increasing data privacy and security concerns among customers themselves, creating the need for organizations to collect only the necessary data to enable them to provide their products and services and being fully transparent about it to its customers.
Customer trust around data is becoming mission critical for most businesses, and they must design their products for transparency, trust, and responsible usage of data, so that customers can trust they’re only collecting the data that will help them improve products or services.
This new level of transparency builds trust and trust is being increasingly perceived as a key differentiator for customers when deciding on their relationships with organizations.
About the author
With over 20 years’ experience, Jose Almeida’s Data Management career has focused mainly in the areas of Data Governance, Data Quality, Master Data Management, ETL, Data Migration and Data Integration, with experience in worldwide projects in Europe, Middle East and Africa across a wide range of realities and different clients and industries, enabling organizations across the world to proactively manage their data asset and to address their challenges and gain more value from their data, focusing on providing solutions through the usage of best-of-breed technologies and methodologies.
Currently providing advisory and consulting services on data strategy, data governance, data quality and master data management.
Great overview and very insightful Jose Almeida.
Global Supply Chain Leader | Transformational Operations Executive | AI & Digital Transformation Advocate | Champion of Inclusion, Diversity & Circular Economy | Driving Sustainable Supply Chain Strategies
3 年Great Article Jose Almeida. I would also add that where organisations operate in jurisdictions in which the regulatory framework is not comprehensive, it remains the organization's responsibility to develop the right framework and processes in order to operate in line with Global standard and protect in particular personal data. In Kenya, I am glad that The Data protection Act was gazetted in Nov'19. - a step in the right direction. We now look forward to the enforcement aspects (awareness/ education, resourcing of the office of the Office of the Data protection Commissioner etc.) .
MD at Master Data Management - 20 years delivery of Data Governance, Data Quality and MDM solutions
3 年Good comprehensive overview, Jose.