In the past most data related regulations focused on data protection and disaster recovery. The European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), as well as other soon-to-come regulations, continue to have data protection and disaster recovery elements but now add data management elements as well. These regulations expect organizations to know what data it has, where that data is, what makes up that data and who is responsible for the data. The problem is these expectations don’t match up with data center realities.
The reality for most organizations is that more than 37% of their data is mobile, on laptops, tablets or smartphones. Most organizations have very little insight into what is going on at the endpoint level. Most organizations have classified less than 15% of their data, which means they don’t have the information needed to manage it properly. In the end, most of these regulations expect organizations to have something like a Chief Data Officer (CDO). Someone who is primarily responsible for making sure an organization’s data adheres to the regulations set forth by GDPR and CCPA.
In our recent on demand webinar, “Designing Storage Architectures for Data Privacy, Compliance and Governance,” we refer to the gap between the expectations of the regulators and data center reality as the Data Governance Gap. IT needs a strategy to understand what data it has, where that data is located and who is responsible for it. The data governance strategy includes knowing the contents of the data. For example, if an employee has customer credit card information stored in a spreadsheet, the organization needs to know about it as soon as possible.
In this blog series, we explore the potential methods by which organizations can make data center reality live up to the expectations of the regulators. We also show how creating an architecture for adhering to data privacy regulations can enable the organization to derive more value from its digital assets. Our next blog discusses the essential first step, creating a central repository for all data and offloading extraneous data from primary storage and endpoints. The third blog in the series covers data classification, which has come a long way from its birth. Data can now be classified seamlessly with minimal involvement from IT. The fourth blog covers dealing with endpoints and how to manage data on them. We’ll wrap up the series with a discussion of a Chief Data Officer and why organizations of all sizes need one.
In the meantime watch our on demand webinar for more details on the Data Governance Gap and how to design storage architectures for data privacy, compliance and governance.