What GDPR means for your information governance team

What GDPR means for your information governance team

The advent of the General Data Protection Regulation (GDPR) is set to concentrate minds in every enterprise that has business dealings with Europe. The new regulation will change the mindset of everyone who has some sort of responsibility for information governance.

Probably amongst the most important changes within the terms of GDPR is the switch in emphasis around the use of personal data. Now, under the new regulation, companies must get explicit consent from data subjects to use personal data if they do not meet the other lawful conditions for processing this data.

Just this single change is going to cause major headaches to governance departments as they seek to check all personal data agreements are watertight. And that’s before we mention concepts such as the ‘right to be forgotten’ (RTBF), which will add new pressures on governance officers.

It is therefore incumbent on enterprises to get on the right footing before the regulation becomes law – and before they face potential fines for non-compliance.  To do this effectively, companies need to ensure that everyone works together and it’s not left to one particular individual to manage all aspects of governance: it’s something that lawyers, HR executives, accountants, marketers and security experts need to be concerned about.

The next step towards effective governance is working out what needs to be managed and here there’s a paradox at the heart of GDPR preparation. Companies must be very careful about how they handle data but, at the same time, they must ensure that their own analytics teams have access to meaningful data. One of the functions of the governance team is to protect the information that can make a difference to a company’s bottom line.

Removing data siloes under GDPR

One of the ways to do this is to check that none of the data that’s required is being stored in siloes across the company.  To conform to all the strictures of GDPR, it’s incumbent that organisations have established a common methodology so that all data can be handled in the same way.  What’s important is to put in place a governance-by-design model in place which allows organisations to identify high value assets and risk across their legacy and day forward content.

In this way, organisations can be fully prepared if, under threat of litigation, they need to access information quickly.  By making the right decisions beforehand, companies can have better quality information in a single, centralised, place and that leads to faster response times.

And these processes can be managed effectively by using a content management, suite such as Secure Content Management from Micro Focus.

This allows an organisation to examine data throughout its life-cycle, setting up policies so that it can be handled in the most appropriate manner. For example, with GDPR strongly recommending that sensitive personal data is securely encrypted, the Secure Content Management Suite does this from end-to-end.

RTBF requests

There’s a long list of requirements that all companies will have to conform to under the new regulation. How will it be able to cope when it’s flooded with requests for the right to be forgotten (RTBF), for example?  The answer is that it won’t unless it has set the appropriate systems up in the first place. How will it be able to respond to a security breach within the 72-hour window? There needs to be an effective surveillance system in place to handle this.

The arrival of GDPR means that the old ways of working will no longer be good enough. Unless there’s a central repository and a new way of dealing with information requests and compliance demands, an organisation will not be able to deal with the upheaval that the new regulation will bring.

Fortunately, this is where Micro Focus can help.  By integrating file analysis, structured data management and governance-based enterprise content management, the Micro Focus Secure Content Management (SCM) Suite balances collaboration and productivity needs with information security, privacy and compliance across enterprise systems with reduced risk, complexity and cost.

The SCM Suite consists of three strands:  ControlPoint, Structured Data Manager and Content Manager.

Content analysis identifies sensitive and high-risk data which is categorised and has policies applied to govern access and retention, while powerful search makes it easier to find the permissible data. In addition, companies can ensure that unstructured content is managed in-place, or moved to a secure repository, while structured data extracted from database applications has security and access controls applied prior to intelligent archiving. Real-time access and reporting are supported without the need for legacy applications.

Companies looking to archive their communication data, meanwhile, can also look to Retain Unified Archiving, ensuring that email, social media, and mobile communication data are all easily accessible from one central archive—both on-premise and in the cloud.

Digital Safe combines communications archiving, data analytics and machine learning so organisations remain compliant and litigation-ready.  The ability to integrate and archive all different communication types into one compliant unified content store is the first step towards being able to maintain a proactive compliance stance.

For more information around technology’s role in ensuring data protection, read the following whitepaper.

Legal Data Breach Data Ownership

Tell us what you think and join discussion on LinkedIn!


Sign up for updates on GDPR