In a world of increased scrutiny and regulatory policy concerning how personal data is collected and managed, the European Union’s newly implemented General Data Protection Regulation (GDPR) raises critical issues for data management at every company. The standards for handling and controlling digital information have become much stricter, and the penalties for breaches are much higher, than any previous security-related legislation. And even though GDPR is an EU regulation, it impacts any company that has customers in Europe.
One of the biggest challenges companies face when addressing GDPR requirements is to manage the various repositories of data that exist across numerous enterprise applications. This separation of information collection and management solutions, and particularly those that typically address security and business continuity issues, is about to change fundamentally. Forward-thinking companies need to develop data strategies to avoid running afoul of GDPR. Fortunately, Rocket’s MultiValue Application Platform combines an embedded database and development platform to offer the best of traditional database management with embedded security, while also incorporating business continuity requirements into a single solution.
Finding the Data
Separate data management systems have been a viable approach for many years. Multiple reliable options have existed for addressing the various facets of data collection and management. But the new wave of regulatory guidelines, increasingly focused on access and privacy, is challenging the historically diversified approach and making companies rethink how and where their data is stored, accessed and managed.
Before GDPR, a distributed heterogenous model for data collection didn’t represent a high risk from a regulatory perspective. The information an organization needs for an audit, to improve marketing tactics or to better manage supply chain interaction could be readily identified – even if it took some effort.
But GDPR puts this approach at risk for several reasons.
Who Owns What Data
GDPR brings a new level of responsibility on companies regarding not only how they collect, manage and store customers data but also how they protect it and report any breaches.
Firstly, the rights of individual users to control their data has been greatly expanded. The definition of personal data has becom significantly broader, including several categories that have historically been considered metadata. While personal information historically included name, address and email, it has now been expanded to cover sensitive information like genetic and biometric data as well as IP addresses, and website cookies. All this information is now going to be the responsibility of the company to manage. And companies will need to seek permission to collect additional information.
Another aspect of GDPR is that users now have the “right to be forgotten” - which means a company has to be prepared to confirm deletion of any and all end user data should that request be made.
Plus, there are new portability requirements. Users will have the right to move their information from one company to another – and the company that manages the data is also responsible for helping with the migration. Microsoft and Google have already set up “help desk” resources to prepare for this new regulation.
Another more business-critical stipulation is the degree to which security breaches are the responsibility of companies to find and report. An organization will only have 72 hours to identify and report a breach before they become liable to a fine. They have to report directly to the responsible authority within this interval, and must also contact end users directly within a reasonable period and without undue delay. Potential fines are in the range of 2-4% of a company’s global revenue. And the EU has a history of levying large fines, as Google discovered last year when they were charged $2.4B for using their search engine to unfairly steer customers to their own shopping platform.
It’s a different world out there. How do companies address these data regulation challenges?
Find the Data
Given this new level of focus on consumers’ controlling their data and the responsibility of companies to protect that data, organizations are under increasing pressure to know where every bit of data lives across all systems and to be able to quickly access it. The struggle many companies face is getting all this data under control. The growing business risks of using disparate data storage and development solutions increase dramatically with the implementation of GDPR and centralized data management and security solutions are becoming mission critical. MultiValue is quickly being recognized as an effective platform for handling many of the data management issues that GDPR creates.
Flexibility and Efficiency
The best way to address these challenges is by improving access to and management of the wide-ranging domains of data regardless of structure or location. MultiValue provides tools to help organizations establish a GDPR-compliant system by first focusing on consolidation, with tools and a development environment to enable companies to simplify their data collection and management.
Rocket’s MultiValue Application Platform helps organizations address the new requirements dictated by GDPR, as well as provides a flexible environment for addressing the landscape of ever-changing data requirements.
What’s Ahead
GDPR represents only the beginning of a global trend toward a more robust, secure and end-user managed approach to how digital information is collected, shared, and managed. There are also dramatic implications for companies as to how they collect, protect and use their customers’ data.
All companies will have to address these issues, regardless of vertical or industry. MultiValue is already being used to create efficient, flexible database and development frameworks that provide both a GDPR-compliant as well as scalable solution.