Once in a while, we’ve all felt the need for a spring clean of stuff. This fact holds true for data that businesses have on customers.
In this digital age where information proliferates across various online channels, it is important to be mindful of how data is used and stored, as it can have serious implications.
Which is why, getting rid of clutter can feel good and save huge storage costs, especially where data is concerned.
Pave the way for Data Protection
As GDPR compliance looms large on the horizon, businesses must steer clear of hoarding irrelevant data. Data minimisation, a key GDPR principle will serve as an important measure for facilitating data protection by design and default. The regulation defines data minimisation as ‘adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.’
Take the example of our retail customer who experienced a major space crunch on its enterprise data platform. As a strategic IT partner, we investigated the cause of the storage loss in order to implement measures for freeing up space on the platform.
Upon interviewing a cross section of business and IT stakeholders, we discovered that a lot of data was unnecessarily hoarded. Key findings of the investigation included:
- Unspecified data owners, resulting in orphan data within the system
- Regulatory concerns leading to data hoarding
- Departmental silos resulting in multiple copies for different reporting requirements
Risk-based, Timed Approach
The team analysed the regulatory requirements, discarded data that failed to add business value and which could be easily re-created from source information. Following challenges in locating owners of the orphan data, the team decided to take a risk-based approach.
Using this approach, they transferred the orphan from the original source to a secondary storage and monitored the system for impact. When no untoward incidents occurred for a predefined time period, the data was safely disposed.
Weed out Data ROT
So how should your business implement data minimisation? The first step is to weed out the ROT (Redundant, Obsolete and Trivial) data. I’ve listed some broad measures for doing this:
- Gain an in-depth understanding of regulatory requirements and retain only data stipulated by the regulation.
- Identify data owners; enable business units to own the data, making them aware of the consequences of non-compliance.
- Create processes for collating and retaining new data.
- Identify orphan, personal data and get rid of it early on.
- Implement strong data governance policies. Define a retention period for data collected and establish a framework for disposing/retaining collated data.
- Identify PII (Personally Identifiable Information) written to logs and implement solutions to address them.
Until now, businesses played it safe by retaining most of the data. Thus entailing security risks, loss of capital and increased energy consumption. The good news is that weeding out the ROT offers businesses an excellent opportunity to strengthen enterprise data governance, save substantially on storage costs whilst complying with GDPR regulations.
Find out how you can transform GDPR from a challenge into a business opportunity. Check out this GDPR Benefits Infographic to discover additional benefits of compliance for your organisation.