David Smith, Head of GDPR Technology, SAS UK & Ireland talks about best practices for enterprise data governance and the role of GDPR.
Ensuring data integrity in enterprise environments is a never-ending process. Whether using cloud
or local storage, enterprises need to know where and how its data is being stored. They also need to understand that as their data infrastructure grows and becomes more complex, data integrity must be constantly monitored and improved upon.
David Smith, Head of GDPR Technology at SAS UK & Ireland
said data “left out of sight” could be vulnerable to attack
. Additionally, there is a lot of data that does not get cleansed or standardized and therefore goes unused and wasted.
“In order to understand and protect the data on your network, you need good quality data management solutions to help work out what and where it is,” Smith said. These solutions are an important part of monitoring and improving the health of a business’s data.
For example, business rules can be established to ensure the longevity of good data, alerting the correct persons when errors occur so that they may be resolved as they happen. Furthermore, Smith recommended converting data into a standardized and actionable format, this way organizational inefficiencies could be reduced and data could be used with confidence.
Aside from deploying the right hardware and software, it is also important to comply with local, federal and/or international guidelines and regulations. For example, compliance with the General Data Protection Regulation (GDPR
), as well as other data-governing laws, is mandatory for anyone conducting business in the European Economic Area.
From a GDPR perspective, Smith noted that businesses must be able to explain how decisions that affect individuals are made. “You need a system that provides clear lineage from data input all the way through the process to final decision-making,” he said. “You also need to be certain that you know exactly where your personal and sensitive data is stored, whether it is correctly labelled or not, in order to protect it properly.”
A good data governance strategy is also critical. A white paper by SAS lays out several reasons for why data governance often fails or underperforms in business environments. These include not having a well-defined framework in place; a lack of inter-department cooperation within a business; data not being managed in a structured, tactical and repeatable way; among many others.
“Proper data governance means having appropriate access to all your data and ensuring you perform essential tasks thoroughly,” Smith said. This includes identification analysis, data quality standardization, personal data term definitions, user-based data masking or encryption, as well as data lineage and metadata management. The GDPR can be used to provide “useful framework” for good data governance strategy.
According to Smith, the ideal governance program has dedicated executive sponsorship and is designed to align with the overarching objectives of the organization. It must also have an organized structure to formalize decision-making and business data stewards with responsibility for each domain. Using data governance technologies (e.g., data glossary, data quality tooling, metadata management, etc.) will make it easier and more efficient for enterprises to maintain high-quality data.
Smith said enterprises had to keep data-quality improvement at the top of the agenda. “It’s tempting to lose focus when urgent tasks elsewhere distract attention from quality and governance efforts. Yet the risk is that attention only returns to data quality when mistakes are discovered,” he said. A strong data governance program is crucial to maintaining data integrity on a long-term basis. This not only means the processes and technologies that ensure data quality, but should also encompass the people that work with and maintain the data.