Story image

Why a data consolidation strategy is the best approach to GDPR compliance

06 Jun 2018

Article by Peter O’Connor, Vice President of Sales Asia Pacific, Snowflake Computing

As organisations around the world strive to comply with the European Union’s new General Data Protection Regulation (GDPR), many are realising they need a new approach to managing their data stores.

GDPR is designed to protect the privacy of all European citizens by requiring businesses operating within EU borders to have strict data security and privacy conditions in place. Businesses must be able to track and trace sensitive data and determine how it is processed and stored across their entire information supply chain.

When it comes to complying with these requirements, one of the key challenges faced by many organisations stems from the fact that customer data is spread across a range of different locations.

Some records might be held in a central CRM system within a corporate data centre while other data could be stored within a cloud platform or on servers in satellite offices.

In the course of everyday business activity, these data stores might also be replicated numerous times.

For example, a marketing team could create a fresh copy of a customer database to support a new marketing campaign. Meanwhile, a finance team might copy records to support an audit process or the IT department create a copy to test new processing algorithms.

As a result, an organisation may have no clear method of understanding exactly where customer data is being held and for what it is being used. This makes achieving compliance with GDPR a daunting prospect. 

As well as the requirements for strict data security, the GDPR laws also give European citizens the ‘right to be forgotten’. This means a company must be able to delete any personal data from their systems should a request be made.

When that data is spread across multiple platforms and locations, this task becomes difficult if not impossible.

Consolidation is the key

For most organisations, the only way to effectively comply with GDPR is to adopt a strategy of data consolidation.

Rather than having multiple data stores and copies of customer information, a single store should be created that can then be used by multiple groups as required.

This approach effectively decouples data from the processes that are making use of it. Rather than having individual stores to support individual applications, each application can access the central store as required.

In this way, a single copy of all data remains in a centralised location.

As well as helping with compliance, undertaking data consolidation can also deliver significant business benefits. Rather than having to search through multiple data stores, senior managers can obtain a single version of the truth.

With one data store, analysis and reporting can be undertaken with the confidence that results are based on the most up-to-date data available.

Using a cloud data store

GDPR compliance can become even more challenging when a business needs to share customer data with external parties. These could include business partners, third-party vendors and service providers.

Traditionally, such sharing has often led to the third party retaining a copy of the data on its own internal systems. In these scenarios, GDPR compliance can be difficult as there may be no way to assess the levels of data protection that exist on those systems.

A better approach is to place the organisation’s central data store on a trusted cloud platform. From there it can be securely accessed as required and also be shared with trusted third parties.

The data remains on the cloud platform at all times, making legislative compliance much easier. When it comes to responding to a ‘right to be forgotten’ request, the data needs only to be removed from one place.

Follow a strategy

Creating a single, cloud-based data store in which all customer data resides is a goal that may seem insurmountable for many organisations.

Having grown their operations over years, they are faced with large numbers of existing stores that hold different data sets, in different formats and potentially in different geographic locations.

The first step in a consolidation strategy is to locate and document all data stores in use within the organisation.

This audit should cover all stored managed by the IT department as well as those that have been created by individual departments, groups and staff members.

A trusted cloud service provider should then be selected and a staged migration program undertaken. This process does not have to be completed overnight but should be gradually followed to ensure no disruption occurs to key business activities.

Once data has been successfully transferred to the cloud platform, local stores should be deleted and checks undertaken to ensure that all copies have also been removed.

This will allow senior managers to be confident that GDPR compliance has been achieved and can be maintained in coming years.

Rather than being a headache for organisations, GDPR can actually deliver some significant business benefits. Through the creation of a single, cloud-based data store, process efficiencies can be improved and operational costs reduced.

Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
Opinion: Meeting the edge computing challenge
Scale Computing's Alan Conboy discusses the importance of edge computing and the imminent challenges that lie ahead.
Alibaba Cloud discusses past and unveils ‘strategic upgrade’
Alibaba Group's Jeff Zhang spoke about the company’s aim to develop into a more technologically inclusive platform.
Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."