Ever since the murmurings regarding GDPR began in 2016, achieving privacy compliance has become a common discussion (well, at least among CISOs and CIOs). While lots and lots of ink has been spilled on the “how to get there” aspect of achieving compliance, little to no practical value has been offered regarding maintaining compliance once you “get there.”
Typical advice on maintaining compliance waxes on about the importance of creating employee awareness, establishing better data practices, how to set up contracts, and preparing the organization for the potential onslaught of DSARs/SRRs. However, the issue of how to continuously and easily discover, map, and categorize the flood of new data that comes into your organization all the time, is rarely addressed.
Additionally, new applications get added to the ecosystem that are accessing data and creating copies of it. So the big question is, how can an organization remain compliant at all times?
Lessons on Data Collection From a Chocolate Factory
An insightful 2018 report by Cameron Kerry on Brookings.com compared the plight of trying to maintain data privacy to a classic I Love Lucy episode. Standing over a chocolate factory assembly line, the red-headed heroine realizes it’s impossible to keep up with the flow and successfully wrap each piece. The faster she wraps, the faster the pieces fly across the conveyor belt. After shoving her mouth, pockets, and toque blanche chef hat full of unwrapped confections, her supervisor asks how it’s going—to which she responds with a cocoa-streaked smile and shrug.
This, posits Kerry is not unlike the data collection state we find ourselves in today. We create huge—practically unfathomable—amounts of data each day. The deluge comes in the form of lots of collected PI and PII, extracted from email signups, transactions, tracking cookies, social media logins, phone calls, and more.
And all this data has to go somewhere, right?
So sometimes, when we can keep up with it, it gets adequately structured in a database. But the reality is that data is often located in places it shouldn’t be; emails, phone recordings, MP3 files, text messages. It’s coming so fast and furious, we can hardly keep up with discovering it all; And when a customer creates a DSAR or SRR, locating it can be a nightmare—and can leave your organization in violation of requirements.
“Discovery” Isn’t Enough
Data discovery tools come along to collect and identify data from disparate sources across organizations. While they are a critical first step in adhering to privacy regulations, they essentially provide mapping of the data you know about and hold at the beginning of the undertaking. While such tools help organizations to initially identify data across structured sources, they are useless when it comes to accounting for the new data inundating your organization and moreover, require a great deal of manual input, which takes lots of time and can be highly inaccurate. Thus, solutions that simply look for known data are inherently very limited.
Continuously Keeping up with the
Such is the case for sustainability in data discovery.
You spent months creating a comprehensive strategy to meet regulations such as GDPR, CCPA, and LGPD. Trying to maintain that strategy with a solution that’s unable to continuously and automatically discover, map, and catalog unknown and unstructured data is crazy.
The only way to get data under control is to employ continuous, unceasing maintenance, wherein everything is accounted for at all times. This means that today’s transactions, the email address collected ten minutes ago, and the SMS to be sent in two hours from now are all factored in automatically.
With sustainable compliance, you’ll reduce your manual effort, prevent errors, and adhere to privacy regulations with so much less expended time and energy. No matter how fast and furious the data comes, with sustainable discovery, you’ll be able to find it, map it and categorize it—and keep it from winding up in your chef’s hat.