With the General Data Protection Regulation taking effect in the coming months, companies everywhere are scrambling to get their ducks in a row. Some will make the deadline, and some won’t. Either way, on May 25th, 2018 the world of data protection is going to change big time.
Many people don’t yet know it, but metadata is actually hugely relevant for organizations in the process of becoming GDPR compliant. In fact, just a few weeks ago on August 10th 2017 Gartner published its Magic Quadrant for Metadata Management Solutions in which they state, “By 2020, 50% of information governance initiatives will be enacted with policies based on metadata alone.”
This is Huge for GDPR Compliance
Without metadata, it is impossible to know what data you have, what it represents, where it comes from, where it’s stored, how it’s being used, how it’s changing, how it moves through systems, who has access to it or even the quality of your data. And this is all super critical for GDPR compliance, which is why organizations everywhere must embrace metadata management as an essential part of data governance.
Five Ways to Optimize Your Metadata for GDPR May 2018
Here are 5 of the many ways metadata plays a crucial role in meeting the upcoming EU data protection regulation:
1) Right to access. GDPR stipulates that data subjects (the people) have the right to access their personal data being processed by an organization. What does this mean? Well, in order to provide access to the data, an organization must first identify everywhere the data resides. This is where metadata comes in – metadata is what enables organizations to even be able to locate the data they require.
2) Right to be forgotten. Along the same lines, GDPR maintains that data subjects have the right to demand their personal information be deleted or forgotten by an organization. This might seem like a fairly simple thing for the organization to do, but as this information is stored in many different databases and reports, only metadata can help an organization determine the whereabouts of the specific piece of data.
3) Data portability. Data subjects must also be able to receive their personal information from an organization and transfer it to another organization. Yep, you guessed it – metadata saves the day again. In order for an organization to be able to hand over this information, it must first map and discover every location of the data which it can do only through metadata.
4) Privacy by design. The General Data Protection Regulation calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. Through metadata organizations can identify the privacy sensitive data items and therefore understand which data requires protection from the onset.
5) Breach notification. GDPR compliance requires organizations to inform data subjects within 72 hours of discovering a potential breach. Metadata, for example the name of a specific database or file creation date, helps organizations determine if, when and how a hack occurred.
There you have it folks, any organization looking to become GDPR compliant isn’t likely to be able to do so without robust metadata management procedures in place that ensure its ability to access and provide the required data items promptly and accurately.