Enabling GDPR Compliance through Data Governance
Data governance is a means of creating policies related to data, including how and where it is stored and sent, who has access to it and to what level and which actions can be performed on the data—by whom and when—using which methods, and under what circumstances.
The General Data Protection Regulation (GDPR), enforceable on May 25, 2018, is a regulation in European law that focuses on protecting personal data. Wide-reaching in scope, the new law expands the rights of individuals to control how their personal data is collected and processed, placing a range of new obligations on organizations to be more accountable for data protection.
The regulation demands business owners take a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.
The GDPR requirements lay out specific instructions regarding how personal data is to be collected, processed, used and stored. These can be broadly classified into:
- Data discovery (identification and classification of personal data)
- Data management (including response to the requests of data subjects)
- Data protection (all aspects of securing personal data)
- Reporting (documentation of activities and conditions pertaining to personal data)
SNP is an established Microsoft partner that provides an enterprise-wide data governance solution that puts people and processes first. Our solution automates data governance and management to quickly and securely deliver data to the business users who need it. Some of our joint compliance efforts include:
- Giving our consumers access to a self-service privacy portal to request copies of and delete their personal data used in our cloud services.
- Building a comprehensive data inventory that accurately maps out the flow of personal data across our entire business.
- Implementing a common infrastructure that standardizes database schema, enables automation and enforces privacy policies.
- Reviewing and standardizing data retention policies across our businesses, systems and partners/ suppliers.
- Updating our technical documentation and processing contracts to provide our commercial customers with the information and assurance needed to fulfill their compliance obligations.
- Reviewing our data privacy requirements and building compliance requirements into our procurement process.
The key benefits of GDPR include:
- Improving data governance
- Improving information security
- Building customer trust
- Improving brand image and reputation
- Improving competitive advantage
For more details of information on GDPR compliance and policies, contact an SNP representative here.