The enforcement period of the EU General Data Protection Regulation (GDPR) is less than a year away. Given the volume and complexity of data in today’s enterprises, preparations should already be underway.
If they’re not and you’re not sure where to start, we’ve got you covered in our GDPR white paper, which has recently been updated with an interview featuring Santiago Castro, Head of Strategy and Portfolio at Keyrus — a Dataiku partner — who speaks at length about how to get started by mapping what he calls your data life cycle.
What’s a Data Life Cycle Map?
Mapping out your data life cycle means getting down on paper in a centralized place the following:
- Inventory of what data exists (from customer data to web logs to HR data and everything in between) and where
- For each data type and source, who (individuals or teams) has access to, owns, and regularly works with that data
- Current maintenance workflows — i.e., whether data gets copied or deleted regularly, and by whom
With this baseline map in place, you can start to identify which areas or processes touch personal data and which present risk factors for GDPR compliance. And with that concrete list of GDPR compliance risks, you can easily start to prioritize, tackling the largest risks first and working down from there to be ready in time for the compliance deadline.
Map out your organization's data life cycle and use it to tackle the largest GDPR compliance risks first.
Training, Then Process, Then Technology
Complete GDPR compliance will mean having the processes in place, staff trained, and tools and technology to execute. But according to Castro, order matters; and here’s why:
“You may put together lots of technology and process solutions, but if people keep duplicating records and breaking those processes, you aren’t progressing and won’t be compliant - you’re rowing against the current. You need to make people aware of GDPR and its changes (including how it impacts what people are doing) so that when you put a process in place, it works. Tools are definitely needed, but ... put them in at the end after the people and the processes."
-Santiago Castro, Head of Strategy and Portfolio at Keyrus
GDPR compliance means 1. Training staff, 2. Establishing processes, and 3. Putting technology in place (in that order!)