Establishing data governance has always been good business practice. Now, with expanding privacy regulations, rising cyber threats and the growing importance of data as an asset, it is fast becoming a prerequisite for business success in today’s digital age.
Data governance and privacy compliance
The European Community General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and similar regulations in other countries and states protect the rights of individuals with respect to organizations processing and storing their personal data.
GDPR requires an organization to provide all the information it holds on somebody when requested via a Data Subject Access Request (DSAR), and to be able to give a comprehensive, detailed record of how any item of personal data has been processed, through a Record of Processing Activity (RoPA). Other national and state regulations have similar requirements.
The cost of compliance with these regulations depends directly on the effectiveness of the organization’s data governance framework. A strong framework powered by the right automated toolset can deliver big time and cost savings.
BigID offers this unparalleled capability for its diverse global customers. A September 2021 Forrester Case Study shows how deploying the automated data governance capabilities of BigID’s Data Intelligence Platform delivered net benefits for one organization of $3.58 million over three years.
Without effective data governance, DSARs & RoPAs are a major overhead
An organization has 30 days to provide all the data it holds on a DSAR requestor.
This typically means identifying and extracting data from a diverse set of data stores, across multiple functional silos – CRM platforms, multiple divisional sales records, finance systems, archives, local databases and phone, text, social media and online chat records.
Without effective data governance, fulfilling the requirements of the DSAR can be labor-intensive, time-consuming and error-prone. Each data item has to be tracked down, identified and logged, data to be redacted needs to be accurately identified, and irrelevant data must be removed.
Research by Statista.com found that, in 2020, 72% of UK companies assessed the cost of processing a single DSAR at over £3000 ($3500). A single organization may need to process many DSARs every month, and dealing with them on time can easily become an issue without effective data governance systems. In January 2022, ITPro magazine reported the UK Ministry of Justice receiving an enforcement order after building up a backlog believed to be in excess of 7,000.
The requirement to maintain records of all data processing activities (RoPAs) is another significant overhead that can be reduced with strong data governance processes and systems.
The UK Information Commissioner’s Office (ICO) Guide to documenting processing activities gives a flavor of the overheads involved for organizations that rely on manual recording.
How BigID drives down the cost of privacy compliance
BigID automates the key processes needed to establish and maintain all the data governance processes required to satisfy privacy compliance regulation.
It provides discovery-in-depth findings to identify sensitive and personal data across all data sources, context-specific classification and validation, and mapping and inventorying to create a comprehensive, maintained record of all the personal data held by the organization.
DSAR processing is automated, and RoPAs can be managed through a single user interface.
BigID has delivered major privacy compliance savings for many organizations. Taking just one example, for a global retail organization with $550+ billion in revenue and over 10,500 global locations, BigID –
- Automated data discovery and classification across diverse data sources
- Mapped and inventoried hundreds of structured and unstructured data sources, in a unified inventory
- Streamlined compliance workflow management for data lifecycle management
- Created the capability to fulfill data access right requests automatically, at scale
- Mapped and identified all of their data for over 100M customers and employees
- Met the requirements of their privacy compliance and CCPA initiatives
We are seeing an increasing number of organizations recognizing that the overhead of servicing DSARs and RoPAs alone justifies investment in effective, technology-supported data governance.
A BigID eBook considers the importance of data governance, the value of a holistic, bottom-up approach to managing data, and how to implement it.
Other blogs in this series consider the role of data governance in minimizing security risk, and how it can increase company profitability by maximizing the value of data assets.
To find out more, and to continue the conversation, visit us at the SAP Store.