5 data management essentials for your data privacy program

Discover the 5 essential data management strategies for a robust data privacy program. Learn how GDPR, PoPIA, CCPA, and other data laws are shaping ethical data use worldwide. From data profiling to stewardship, ensure compliance and protect consumer rights.


Almost everybody working with personal data will be aware of the glut of legislation, worldwide, that is seeking to protect consumers against the abuse of their personal data.

In Europe, GDPR; in South Africa, PoPIA; in Nigeria, DPR; in California, CCPA…


Around the world, data laws are changing to promote the ethical use of consumer data. In many cases, corporations are responding with a focus on security implications. Yet, data protection is about much more than security.

Data protection is about much more than security

What other data management capabilities are essential to compliance?

Data profiling and discovery.

“Before you secure your data, you have to know your data. You have to know what data you have, where you have it, why you have it and how you use it”

Brian Boyd, IAPP (International Association of Privacy Professionals)

Many organisations struggle to understand what personal data they hold, where they hold it and for what purpose. Even structured data (data stored in databases) may not be as it seems, as information is often captured in unintended places. We must also consider unstructured data (e.g. email, files, biometrics), big data, and cloud data. The problem definitely requires a specialist capability, as manual approaches cannot succeed.

Process register.

“What do processes have to do with data?” you may ask.

Data protection regulations such as PoPIA and GDPR place limitations on the processing of personal data.

While a process register is not mandatory for PoPIA compliance, it is a good way to understand what business processes use personal data, for what purpose, where data is stored, etc. Embedding a process register in your data catalogue allows you to link business processes to systems, to conditions and restrictions for lawful processing, to responsible parties, and so on.

The process register helps to define the scope and priority of your data privacy initiative, in particular with respect to how and where personal data is processed and accessed. And it is a requirement for GDPR.

Data policies.

Linked to the above – what policies do you have defined for the lawful processing of data?

Most regulations limit the capture and storage of personal data to specific, agreed business purposes. Your policies help to define what data is necessary to achieve your business purpose, what additional purposes (e.g. advanced analytics or marketing) you may wish to use the data for, how long you may retain it, etc.

Data governance policies should stretch across enterprise siloes to ensure the needs of all business areas are considered – for example, including feedback from marketing and risk. Data policies define the ethical use of data, agree on accountability, and provide a framework for engagement with new and existing customers, suppliers and staff.

Data quality and a single customer view.

One of the biggest challenges facing most corporations is the requirement to provide data subjects with access to the information held about them upon request. Information is frequently scattered across multiple systems and business units, often with no real link.

Master data management helps to link these disparate records into a consistent view that can make this requirement easier to meet. Data quality is also a requirement for GDPR, as data protection seeks to ensure that data subjects are not prejudiced by poor-quality data.

Data stewardship.

A key focus of most data privacy regulations is the need for accountability for personal data. Accountability can be traced to stewardship.

Data stewards may help to define data policies, execute data sharing agreements, perform Compliance Assessments, or may be responsible for managing the consequences of a data breach.

We may not call our stewards by that name – they may be Data Owners, Data Protection Analysts, IT Security or Data Quality specialists, Line of Business Managers, or part of the Legal or Risk teams.

The data stewardship function needs to drive and coordinate the entire data protection capability.

Data governance is the foundation of compliance with data protection.

While data security is firmly and clearly the responsibility of IT, typically led by the Chief Information Security Officer (CISO), responsibility for data privacy is more nuanced.

Companies must balance the need to protect privacy with the need to find new customers and conduct business. Inputs from sales, marketing, data and analytics, and consumers and producers of data must be balanced with the inputs of legal, compliance and data security professionals. This collaboration, supported by some of the principles outlined above, is the foundation of compliance.


Response to “5 data management essentials for your data privacy program”

  1. Sivakumari B

    Excellent article for everyone who is looking for a piece of information about Big
    data. We are also on the same track; for more info visit our website Hadoop page!
