Will “Dark Data” Scupper GDPR efforts for many Organisations?
Many organisations face the biggest upheaval in data management practices in decades due to the introduction of GDPR this year, not because they will have to implement new processes or catalogue personal data stored in operational systems, but instead because of the lack of controls placed over an area of the operations causing what is appropriately coined “Dark Data”.
So, what is this dark data? Dark data is a selection of information that lies way beneath the surface of all organisations is frequently collected by devices and systems, and is not actively managed by Information Technology – dark data is the information that is hidden in plain sight of users. Worst of all dark data is completely uncatalogued and could contain enough content to ensure that, in the event of a information breach, it could cause substantial fines which would heavily impact the organisation financially regardless of its size.
Even before we can deal with the issues of Dark Data, we still have many companies struggling to deal with what is often referred to as Redundant Data – we all have employees or agents working for us who often download or query systems and drag this data into excel spreadsheets and csv files. This often creates a completely redundant version of our mission critical information and causes us some considerable risk. So why do they do this? Often because mission critical IT systems simply don’t evolve quickly enough to cater for the analytics and reporting needs of our users, or because its functionality is just not that effective, but for whatever reason – needs must and it will continue to happen. Repeatedly users are therefore forced to capture and manipulate data individually which should be managed and governed centrally. Finally these sheets, files and analysis are then easily distributed as attachments or links within emails – and the risk is dispersed as quickly and becomes as unmanageable as oil on water.
So we could ponder why don’t organisations do more to react to this problem? Firstly I expect that there is a certain percentage of them that have traditionally, in the pre-GDPR world, not perceived this to be a problem, or they do see this as an issue but have been hamstrung by the inability to solve it using existing IT infrastructure. Therefore some organisations will understand the problem and risks associated with the lack of data control (and the resulting financial penalties), but will not be capable of taking the necessary action to deal with the issue, and will simply manage it through a risk-based approach.
New technological approaches enable organisations to create global catalogues of identity data across the organisation. EntityStream Custodian is one such technology that can search, identify and harvest entity and personal data from both core and non-core systems and collate it, using advanced matching technology. We bring it together and enable your organisation to build a holistic view of identity data stored throughout the firm in minutes. Thereby enabling you to see the complete picture and understand the data being hidden right beneath the surface of your companies systems, where it resides and how it is being used.
Visit www.entitystream.com/custodian for more information.