This is the fifth blog in a six-part series. Catch up on previous blogs.
A five-point plan to act on
Business requirements coupled with regulatory upheaval, embodied by the General Data Protection Regulation (GDPR), are taking IT organizations to a tipping point where they must take a much more proactive approach to understanding and managing their data. Below is a simple five-point plan for using GDPR as a catalyst for change:
1. Take the GDPR requirements for data management as both an imperative and a catalyst for change
Within the data management discipline, minimisation, retention, accuracy, and integrity and confidentiality are well understood, albeit from a slightly different perspective. These happen to be four of the core data protection principles of GDPR; the others are lawfulness, fairness and transparency, and purpose limitation. In terms of data management capabilities, the following are important contributors to the plan for GDPR compliance:
- Profile Enterprise Information
- Automate classification and retention
- Search for PII, including items such as PCI
- Monitor for PII in unauthorized locations
- Simplify the response to ‘Right to Access,’ rectification and erasure requests
- Set alerts on anomalous access of GDPR-related info
- Support breach notification planning
- Test and development
- End user search
- End user self-service recovery
- Analytics – operational, risk and business
2. Plan to consolidate data operations as part of the GDPR plan (backup/recovery, archive/managed retention, snapshot and replica management, etc.). And, as with the previous steps, the savings that can be obtained from consolidation can be significant.
3. Introduce a formal copy data strategy as part of GDPR planning. This should include an element designed to reduce current volumes of copy data and its supporting infrastructure, focused on both best practice for GDPR and data center storage and infrastructure cost reduction. As copy data volumes have increased to the point where they often exceed production volume, there are significant economies to explore and significant cost savings to be made from reducing copied data.
4. Review the additional use cases that can be added post-consolidation to achieve economies of scale and scope with your data, particularly in deriving value from it along with its protection and governance. Seek and calculate the savings and potential contributions to revenue that can be obtained from the additional data platform use cases. Enabling self-service search and recovery, for example, can reduce the internal IT burden significantly.
5. Model the projected cost savings over time and align with your portfolio rebalancing. This will help shift the IT investment from the data center toward BI/analytics, data science, cloud services, digital marketing and other investments that are geared to transforming the business and growing revenue.
GDPR can provide a catalyst for change, resulting in a new set of data capabilities vital for securing the future of the organization. Taking GDPR as the starting point and working through a plan designed to serve the wider needs of the organization makes good sense. Encompassing the use of data as well as focusing on protection and governance will serve the IT organization well as it seeks to support the shift toward digital business.