ASG Logo

ASG Perspectives

Blog > March 2018 > With GDPR, U.S. Companies Need to Watch Global and Anticipate Local

With GDPR, U.S. Companies Need to Watch Global and Anticipate Local

The “think global, act local” mantra is hardly new, but it has newfound importance in today’s increasingly regulated world. The European Union is actively pursuing its mission to protect its global consumers, starting with fining US-based Google €2.7 billion for anti-competitive actions in 2017. In particular, the EU’s upcoming General Data Protection Regulation (GDPR) reaches far beyond the borders of the European Union, forcing companies around the world to think global and act local. Any organization collecting personal data on residents of European Union member states must comply with the GDPR – meaning that if you want to keep doing business in Europe, you need to comply with regulation guidelines.

While the impact of the GDPR is global, achieving compliance means acting locally. For most organizations, local action starts with getting their houses in order — which, at ASG, we’re finding starts with doing an inventory of the data currently being managed. To do this effectively, organizations need to be able to scan through their entire data estate and identify all the personal data – or personally identifiable information – that they are storing. If your organization still doesn’t know whether it has this data, you certainly can’t protect that data or control how it’s used.

earth-2254769-1280.jpgData discovery is not the only action needed for compliance, but it’s an important start and not always easy. ASG finds that customers are rarely aware of all the applications, repositories and databases that might hold personal data within their organization, so when it comes time for initial scans, more data turns up than they anticipated. Because the metadata associated with data stores might not indicate the presence of personal data, organizations need to investigate further, following the trail leading to data elements and checking for patterns that are common among personal data items. When investigating data lakes, you might want to say, “forget about it.” But you can’t — your organization needs to know if its data lake contains personal data, and it likely does. 

ASG has added capabilities to our Data Intelligence solution to help overcome this problem. Now, our solution can use metadata and data lineage to identify personal data that is difficult to locate in tables or is buried in a data lake. The software identifies personal data, then leverages lineage to find exactly where it exists in the data estate. With these insights, the solution can utilize patterns that match common personal data like U.S. social security numbers (xxx-xx-xxxx) or Irish Passport numbers (AAnnnnnnn) to locate data if it does exist in the data lake.

While these data sources may be local, repercussions for noncompliance are global. Globalization has major benefits — including access to expanded markets and the ability to leverage of global resources — but when it comes to collecting data around regulations, the action is local!

To make sure your organization understands both the local and global steps its needs to take toward compliance, download this GDPR compliance datasheet. For everything else your organization needs to know before the GDPR takes effect on May 25, download this 2018 GDPR handbook.
 
Posted: 3/15/2018 10:30:25 AM by Rob Perry | with 0 comments


Comments
Blog post currently doesn't have any comments.
Subscribe