GDPR compliance as a detox exercise

Written by Mike Pannell, BT on 8 May 2018 in Sponsored Article
Sponsored Article

BT's Mike Pannell argues that organisations should get rid of data they no longer need

From a young age we love to collect items, toy cars or football cards; there are endless possibilities to fuel the imagination. School also gives us the love of knowledge, and we mentally collect information on the Kings and Queens of England, the works of Shakespeare etc.

When we start work this habit transfers to the workplace, but now we collect information. Unlike a toy cupboard that has a finite capacity, data storage is almost infinite and, almost like magpies, we rarely take time to consider why something is kept.

In a typical organisation, you could find:

- Old emails
- Customer data used to evaluate a system but kept ‘just in case we need to re-run tests’
- Electronic notes for a customer problem you worked on
- Obsolete design material for a system no longer in use

Life coaches can help us declutter our personal lives, but we need a similar approach to data storage in a workplace.

If a personality detox is more of a self-imposed exercise, organisations are obliged by law to review how they retain  personal data –With the upcoming data protection reform, the GDPR, data should not be kept longer than necessary.

There must be a corporate policy on data retention, and hopefully policies are in place across organisations to check their main email storage. However, much of the electronic detritus I outlined is stored by users in hard-to-check places. USB storage, development servers, unstructured data on laptops etc.; there are too many places for this dark data to lurk.

To minimise unintended data loss, tools should be provided to allow employees to store and locate data that need storing. My Inbox is full of companies offering technical solutions to parts of the GDPR problem, but success requires more than technical products, cultural change is required. It will unlikely happen overnight but continuous education on the risks of dark data will slowly change staff’s habits of collecting and storing data they do not need, thus, averting the risk of exposing their organisation to the sanctions of the new law.

If staff can easily locate relevant material, they won’t feel compelled to hoard data ‘just in case’, and GDPR framework will be slightly easier to comply with. All  data will be in a structured form that can be centrally managed against a data retention policy.

As with any fresh start or resolution, a detox is needed in the first stage but then it becomes a matter of some good habits to stay in shape.

For more on GDPR, download BT's latest report Dealing with the new EU General Data Protection Regulation

Mike Pannell is CTO Cyber and Secure Systems for Majors and Public Sector at BT.

Share this page

Tags

Related Articles

Making Tax Digital VAT pilot goes live
17 October 2018

HMRC director says that new digital ways to pay tax will give businesses more control over their finances

We all need to utter the F word sometimes
17 October 2018

PublicTechnology editor Sam Trendall looks at the public sector’s vexed relationship with failure

Digital ‘equally important’ as transport infrastructure, says Scottish minister
16 October 2018

The Scottish Government is to form an infrastructure commission to advise ministers on how spending should be directed to provide most economic benefit

 

Related Sponsored Articles

GDPR already isn’t working
15 October 2018

The policies may be in place, but is it happening in practice? BT's Bas de Graaf looks at the reality of GDPR today

Simplicity in a complex world
8 October 2018

Cisco's Dominic Elliott shows how global organisations can embrace the benefits of SD-WAN without adding complexity

Make more of your digital transformation with Intelligent Connectivity
25 September 2018

When it comes to digital transformation, you want your organisation to lead from the front

Government begins to "rightsize"​ its estate
17 September 2018

BT's Simon Godfrey on how government is fundamentally rethinking its strategy for both people and places