RISK MANAGEMENT HEALTH CHECK
Will 2017 be a watershed year for the deployment of data inventory and mapping tools to support the implementation of GDPR?
So with the May 2018 deadline fast approaching, will 2017 be the year when data inventory and mapping tools start to emerge as ubiquitous and indispensable software solutions?
With significantly expanded data subject access rights and more timely reporting of data breaches now key components of GDPR compliance, it is becoming increasingly apparent that data inventory and mapping will be essential capabilities for the protection of data subjects and data controlling organisations alike. However, what is perhaps less apparent is the value which can be also be derived from implementing these capabilities in organisations that are increasingly dependent on new data insights for their future success.
It’s a struggle to keep on top of all this personal data
A recent survey report published by IAPP entitled “Preparing for the GDPR: DPOs, PIAs, and Data Mapping” sheds some light on existing challenges and opportunities related to data inventory and mapping activities, and why software for manging this is so important. One key factor is related to resource constraints, with nearly 60% of organisations in the survey citing lack of resources as a barrier to implementing data inventory and mapping projects. Whilst GDPR implementations are likely to see some increase in resources, budgets will remain tight and many organisations are likely to veer towards making investments in optimisation and automation solutions over manual approaches.
The survey report also makes the observation that where organisations do carry out data inventory and mapping activities, nearly two thirds declared it was being conducted on a manual/informal basis using email, spreadsheets, and in-person communication. This is hardly a sustainable approach for ongoing digital transformation. In addition, there would appear to be significant opportunity to institutionalise the process through the implementation of tools which have been specifically designed for this purpose.
Data access demands are now everywhere
In a previous article, the impact of GDPR beyond the confines of the IT department was explored; a related impact is also envisaged for data inventory and mapping activities. Historically, the ownership and expertise associated with these activities has been beyond the data protection and privacy world – most commonly undertaken by data architecture specialists in IT. Furthermore, the artefacts being produced are not necessarily designed for data governance needs or joined homogeneously across the increasingly complex system landscapes that exist today. GDPR and the growing reality of enterprise wide and globally focused data supply chains are likely to necessitate that data inventory and mapping activities, if not moved from IT, will need to refocus on a much wider organisation landscape which more closely reflects the real-world ownership and increased value of data when managed more effectively across the enterprise.
Don’t leave it too late
The question of which tool and vendor will best meet your data inventory and mapping needs could prove to be an interesting challenge. Inevitably the impending GDPR launch is resulting in a rapidly growing marketplace of data inventory and mapping tools to choose from. However, organisations should be aware that time is not on their side; especially for those with the worthy intentions of carrying out in-depth software/vendor evaluations followed by securing funding and resources for deployment whilst they are in parallel, initiating the necessary GDPR compliance activities.
Tool selection is therefore likely to be determined by a range of influences: organisational size, level of perceived risk, existing vendor relationships, integration capabilities with current platforms, cost and perhaps, quite understandably, the tool preference of the department assigned with accountability for GDPR. Solutions are now available that originate from the privacy, data governance, GRC and security domains which compete alongside more traditional IT offerings. It will be interesting, as we approach GDPR go-live, to see if a concentration of leaders emerge or, as may be more likely, there is sufficient demand and diversity of needs to sustain them all.
But what do you think, which data inventory and mapping solution will best meet your upcoming GDPR needs?
To discuss these challenges further and their relevance to your own business, please contact Robert direct at firstname.lastname@example.org to schedule a completely confidential and no-obligation discussion.
Feb 6 2017GDPR
- Business Continuity & Pandemic Planning (9)
- Business Transformation (102)
- Change Management (33)
- Compliance (24)
- Conduct Risk (8)
- GDPR (5)
- Governance (4)
- GRC (22)
- IRM GRC Special Interest Group (11)
- Mergers & Acquisitions (M&A) (13)
- News (3)
- Non-Executive Management (NEM) (1)
- Portfolio Management (8)
- Programme & Project Management (9)
- Risk Management (63)
- Solvency II (9)
- Strategy Implementation (34)
- Twitter (2)
- Uncategorized (1)