data management compliance protection IT

Data management: compliance, protection, and the role of IT

The business benefit of data and data-driven decisions cannot be undervalued, which is a widely agreed-upon mindset on today’s business landscape. At the same time, there are sensitivities around where that data comes from and how it’s being accessed or used. For this reason, data protection and privacy are the driving topics in today’s age and, for enterprise companies, essential to remaining an ongoing business concern.

To ensure regulatory compliance and generate business value, any data coming into an organization needs to be confidentially handled, trusted and protected. Modern businesses also want their products to be cloud deployable, but many businesses have security concerns that come with sharing information in the cloud. It’s crucial that when you use data, you also protect it, preserve the integrity of original personal ownership and, maintain the privacy of the person to whom it belongs at all costs.

The first level of data protection is to not collect personal data if there is no legitimate purpose in doing so. If personal data was collected and a legitimate purpose no longer exists, it must be deleted.

The second level of data protection can be realized through a framework of technology measures: Identity and access management, patch management, separation of business purpose (disaggregation of legal entities), and encryption.

IT teams often provide data in an encrypted format as a means to get people the information they need, without compromising sensitive information. People receiving the data don’t usually need to know every bit of data, they just want an aggregate of what the data looks like. And IT teams want to ensure that when they transfer important data assets, the information is secure.

Additionally, when it comes to being data compliant, there are rules and regulations that businesses must follow, such as the General Data Protection Regulation (GDPR) and data protection and privacy agreements.

GDPR harmonizes data protection regulation throughout the European Union and gives individuals more control over their data. It imposes expansive rules about processing data backed by powerful enforcement, so IT teams must ensure they are compliant. This creates an extra, guaranteed level of security for corporate and personal data, though it’s not without its complications for enterprises.

Concretely, this means that companies have to technically ensure that only necessary sets move through ‘boundaryless’ end-to-end business scenarios. Here, we consider efficient data control in and through the context of comprehensive business processing for a declared purpose that is legally secured, including by consent of the individual that the data is related to.

The business context and its technical rendering through customizing and configuration is central to the business capability of efficiently controlling data for purposes of data protection and privacy. Integrated services provide business context by showing information contained in any one data set that is linked to ordered business objects and business object types related to the data subject.

Here, we have offered an embedded view of the data subject, which can be uniformly changed and managed in the context of a logical sequence of business events.

Data management capabilities

To further protect data and stay compliant, many IT teams have started with the approach of applying data management capabilities to encrypt and anonymize data without actually changing the data set. IT simply changes the way data is presented to ensure data is safe.

One recent example is the adoption of the GDPR rules to be compliant with the legal regulations. In this case the data management capabilities must ensure that only the allowed data is shown and that protected personal data is hidden or deleted (information lifecycle management) without destroying required information and connections.

By transitioning to what we call an 'intelligent organization', businesses can feed applications and processes with the data essential for the digital economy and intelligently connect people, data and processes safely and secure.

Solutions offer customers comprehensive in-depth information about the places where their master data exists, which parts reside in which services, applications or systems, and how the data can be accessed, or they can even get direct access. Moreover, a clear picture of the complete master data set and all individual owners can be obtained, including rules for creating data consistency. This provides overall consistency, and the robustness that is required in a service-driven enterprise environment.

Tiered levels of access

Another tactic way of keeping data secure is for IT to work closely with each line of business to set tiered levels of access by creating a workflow scenario for first, second, third, and so on, access by individual persons to data within a specific line of business.

In contrast to the more traditional model outlined above, IT teams can offer a tiered approach to authorization. Users have limited access based on transaction codes, organizational levels, etc., by assigning authorization roles through different lines of business.

Best practices for data compliance and protection

Both approaches outlined above allow businesses to review their data to determine the real value of it without compromising the security of the data.

Overall, it’s important that data compliance is not only a tech topic, but a topic that should be discussed, rolled out, and followed company-wide. As 2019 comes to a close, companies must have a data compliance program in place, a data protection culture within their organizations and the ability for employees to understand the importance of change processes and tools to adhere to the new regulations.

Including such aspects from the beginning can be a competitive advantage for companies and should be considered at an early stage. Not adhering to data protection and privacy rules and regulation can cause tremendous damage to a company’s image and reputation and can have a heavy financial impact.

Author: Katrin Lehmann

Source: Information-management