The Critical Role of Data Governance in GDPR Compliance


In the previous post, we discussed how the General Data Protection Regulation (GDPR), which goes into effect in May 2018, will impact most if not all higher education institutions in the U.S. Colleges and universities that communicate with European students, faculty and alumni or offer any programs in European Union (EU) countries will have to follow strict GDPR provisions to protect the personal data of those individuals.

In practical terms, GDPR compliance can be broken into five steps:

  • Locate personal data, and determine who has access to it and how long it has been stored.
  • Make that data searchable so your organization can respond quickly when EU residents exercise their rights to see, correct, move or delete their data.
  • Minimize data retention periods and automate deletion according to appropriate retention policies.
  • Protect data from damage, loss or exposure to unauthorized users, and make security processes transparent.
  • Monitor data for suspicious activity, and notify the supervisory authority within 72 hours of becoming aware of a personal data breach, as the GDPR requires.
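
The first three steps (locating a subject's data across systems, answering an access or erasure request, and enforcing retention with an audit trail) are easier to reason about in code than in prose. The following is an added example, not code from the original post or from Axiom Elite: a minimal data-inventory model with a hypothetical retention schedule and a constructed sample inventory in which one subject's data is spread over several systems, including a stale duplicate copy. The record categories, retention periods, store names and subject identifiers are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Hypothetical retention schedule, in days after the record's creation date.
# The periods are illustrative; a real schedule comes from the institution's
# records-retention policy and the legal basis for each category of processing.
RETENTION_DAYS = {
    "admissions_application": 365,    # unsuccessful applicants: 1 year
    "alumni_contact": 365 * 10,       # alumni relations: 10 years
    "marketing_consent": 365 * 2,     # re-consent required every 2 years
}

@dataclass
class Record:
    store: str          # system holding the record, e.g. "sis", "crm", "mail"
    subject_id: str     # identifier of the data subject
    category: str       # key into RETENTION_DAYS
    created: date       # anchor date for the retention period
    fields: dict        # the personal data itself
    legal_hold: bool = False  # e.g. litigation hold: never auto-delete

# Constructed sample inventory (assumed data, not from any real system).
INVENTORY = [
    Record("sis", "s-1001", "admissions_application", date(2016, 3, 1),
           {"name": "A. Example", "email": "a.example@example.eu"}),
    Record("crm", "s-1001", "alumni_contact", date(2015, 6, 15),
           {"name": "A. Example", "city": "Leuven"}),
    Record("crm", "s-2002", "marketing_consent", date(2017, 1, 10),
           {"email": "b.example@example.de", "opt_in": True}),
    Record("mail", "s-2002", "marketing_consent", date(2015, 1, 10),
           {"email": "b.example@example.de", "opt_in": True}),  # stale copy
    Record("sis", "s-3003", "admissions_application", date(2016, 9, 1),
           {"name": "C. Example"}, legal_hold=True),
]
TODAY = date(2018, 5, 25)                   # GDPR application date, used as "now"
AWARE_AT = datetime(2018, 6, 1, 9, 0)       # constructed breach-awareness time

def expiry(rec: Record) -> date:
    """Date on or after which the record may no longer be retained."""
    return rec.created + timedelta(days=RETENTION_DAYS[rec.category])

def locate_subject(inventory, subject_id):
    """Step 1: every copy of one subject's data, across all stores."""
    return [r for r in inventory if r.subject_id == subject_id]

def subject_access_export(inventory, subject_id):
    """Step 2: what would be handed back on an access request, grouped by
    the system that holds it, so duplicates in other systems are not missed."""
    export = {}
    for r in locate_subject(inventory, subject_id):
        export.setdefault(r.store, []).append({"category": r.category, **r.fields})
    return export

def expired_records(inventory, today):
    """Records past their retention period, whether or not on legal hold."""
    return [r for r in inventory if expiry(r) <= today]

def apply_retention(inventory, today):
    """Step 3: delete expired records, keep the rest, and produce an audit
    trail. Records under legal hold are kept but logged, so the exception
    is visible to auditors rather than silent."""
    kept, audit = [], []
    for r in inventory:
        if expiry(r) > today:
            kept.append(r)
            continue
        entry = {"store": r.store, "subject": r.subject_id,
                 "category": r.category, "expired": expiry(r).isoformat()}
        if r.legal_hold:
            kept.append(r)
            audit.append({"action": "hold", **entry})
        else:
            audit.append({"action": "delete", **entry})
    return kept, audit

def erase_subject(inventory, subject_id):
    """Erasure request: drop every copy not under legal hold, and report
    which stores still hold data so the subject can be told why."""
    remaining = [r for r in inventory
                 if r.subject_id != subject_id or r.legal_hold]
    still_held = sorted({r.store for r in remaining if r.subject_id == subject_id})
    return remaining, still_held

def breach_notification_deadline(aware_at: datetime) -> datetime:
    """Step 5: the 72-hour clock starts when the controller becomes aware."""
    return aware_at + timedelta(hours=72)

if __name__ == "__main__":
    kept, audit = apply_retention(INVENTORY, TODAY)
    for entry in audit:
        print(entry)
    print("kept", len(kept), "of", len(INVENTORY))
    print(subject_access_export(INVENTORY, "s-2002"))
    print("notify supervisory authority by", breach_notification_deadline(AWARE_AT))
```

Two design points matter more than the code itself. First, the inventory is keyed by store as well as subject, because the second copy of s-2002's consent record in the mailing system is exactly the kind of redundant data that an access request must still return and a retention job must still delete. Second, the retention job never deletes silently: every expired record produces an audit entry, and a record it cannot delete (legal hold) produces one too, which is what an auditor will ask for.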

This sounds like a relatively painless process, but organizations are drowning in data, most of which is useless and not owned or managed by anyone. According to the Veritas Global Databerg Report, more than half of all data currently stored and processed is considered dark data with unknown value. One-third of data is considered redundant, obsolete or trivial (ROT). IT leaders classify just 15 percent of stored data as business-critical. Cloud adoption makes it easier to move the problem offsite, and employees are making it worse by storing a significant amount of personal data such as video, photos, music and games on work devices.

If data hoarding and a lack of attention to management and retention are not addressed, the unnecessary cost to store non-critical data will reach $3.3 trillion by 2020. In addition to the financial burden, data left unattended can be stolen or exposed without anyone knowing it. This creates serious security, compliance and e-discovery risks. And with multiple copies of data, it’s impossible to know which are the most accurate and up-to-date.

An effective data governance program can help reduce the amount of ROT data and ensure that all stored data is consistent and trustworthy. Data governance refers to the policies, procedures and plan used to manage data availability, usability, integrity and security.

Implementing a data governance framework addresses many of the GDPR's provisions. The process involves establishing a governing body to enforce data governance policies, identifying data stewards or owners for each data asset, and defining procedures for storing, archiving, backing up and protecting data. It also lays out the controls and audit processes that demonstrate compliance with data regulations. Closely related to data governance is master data management, which maintains a single authoritative record for key entities such as students, faculty and alumni, and uses metadata repositories to cross-reference the various systems that hold copies of that data so it is used consistently across the organization.

With data volumes exploding and regulations such as the GDPR requiring effective data management, data governance, and the integration of data from all sources that it depends on, has never been more important. Let us show you how Axiom Elite can help to prepare your institution for the GDPR.