Data Management: How can CIOs balance risk with business gain in the age of GDPR?


GDPR has forced businesses to take a much broader look at data management. John Pocknell, Senior Market Strategist at Quest, explains how to better manage data and how it will make a difference to companies.

In the age of the Internet, data has become one of the most valuable commodities to almost every business. Not only do organisations store as much information as possible, but businesses also look to sell, exchange and purchase data from one another, all to harvest the ever-valuable customer insights that, only a few years ago, they could never have imagined having access to. In an attempt to bring control back to the customer, GDPR has forced organisations to take a much broader look at data management – ultimately holding the business responsible for the data mismanagement and neglect we have seen so often since this new age began. So, in the age of GDPR, can organisations still leverage data in the same way, without facing the hefty fines and scandalous headlines?


GDPR has forced CIOs to take data breaches and cybersecurity incidents seriously – making businesses think not just about the regulatory compliance but about the way in which data is moved, prepared and archived within the organisation. Since the regulation was introduced, there has been a much stronger focus on minimising exposure to a potential data breach. Previously, companies had a tendency to hang on to a lot of data across all areas of the business – from operational systems and data archival, to backup and recovery. Now all these aspects of the business have become a focus point, with CISOs taking the time to consider which data needs to be stored and where.


In a similar vein, data provisioning has added another layer of complexity. Prior to GDPR, while not encouraged, it was still possible for organisations to have production data in non-production environments for testing. Now, however, it is unacceptable; production data cannot simply be copied across, and non-reversible anonymisation must be applied to all personally identifiable information. This is the idea of ‘DevSecOps’ in practice, where data privacy and security are built in from the ground up.


GDPR is about protecting personal data, but this does not need to hinder business innovation or limit the insight data can provide. Organisations sometimes have a tendency to overcompensate and overreact when it comes to understanding how to use data while still ensuring it is safe, because they’re unsure of the answer to a simple question: ‘What do I need to protect?’ This mindset can hamper organisations from capitalising on the data insights they need. As long as the proper identification and protection controls are in place, you can still utilise data to grow your business and develop new insights.


The opportunity


If you can manage data better, the opportunities can be huge. The effective management of data feeds into different areas of businesses, enabling companies to control how they apply information and get insights into it. Once organisations understand what they need to do to comply with data management regulations, they can relax the notion that IT teams are the only ones who can access data – they can start making sure that business users have direct data insights rather than having to go through data analysts.
Equipping the business community with the right tools to access and visualise the data themselves would give businesses the freedom they need to have a competitive edge and will ultimately drive market share and revenue.
The future is moving towards automating the process of extracting data value, moving beyond the need for people to be involved in data insights and towards deriving better value from the data that is attained.


The solution


Data is extremely valuable but it can’t sit still. In today’s competitive landscape, your business will certainly need the insights, not to mention that idle data is easy to forget about, increasing the likelihood of mismanagement through human error. Companies should focus on how to find the right balance between ensuring their data insights make them more competitive, in order to drive business, while at the same time meeting their regulatory compliance responsibilities. Automating areas of the data preparation and management processes can work to ease the burden on those responsible for preparing data and ensuring your organisation’s compliance.


It’s possible to quickly and reliably protect sensitive customer data across your organisation’s database infrastructure and mitigate the risk of non-compliance with data regulations. It’s now more important than ever to detect Personally Identifiable Information (PII) data residing in databases and to encrypt and redact that data as soon as possible after detection. An automation tool can help you do so, even while performing on-going monitoring to proactively manage your databases. With greater visibility and insight into where sensitive data resides, your organisation will maintain stronger security and have greater confidence in meeting compliance regulations and standards.


But the usefulness of your organisation’s data lies in your ability to access, integrate, prepare and provision it. After your compliance is ensured, your organisation will benefit from the ability to access all your data sources, from relational databases and non-database sources to non-SQL systems and the cloud. Again, finding the right data-integration tool will help your organisation achieve this.


Fundamentally, organisations need to move beyond seeing GDPR as a barrier to innovation. We can use this as an opportunity to strive towards improved compliance, regulation and data management – which in turn will filter down to all aspects of the company. Better data management can and should be a win-win situation.
