Benefits of GDPR compliance
The General Data Protection Regulation deadline could be a useful catalyst for getting data life cycle management back under control.
The General Data Protection Regulation (GDPR), set for enforcement from 25 May, will impact all local companies trading with clients in Europe. But, like the local Protection of Personal Information Act (POPIA), the GDPR also presents a good set of best practice guidelines for any company to follow. For many companies that have left their data management and life cycle management standards to slide, the GDPR implementation could provide the incentive they need to get back on track.
While most enterprises take data governance seriously and have, in the past, set data management frameworks, the realities of business today introduce the risk of standards not being applied. Up to five years ago, companies were moving towards single view, uniform standards approaches to data management. Then the pace of business increased, new paradigms emerged, and outcomes-based and agile approaches to development made their impact felt. Business units began overtaking the architecture and enabling teams, driving the adoption of new systems and processes and allowing these new additions to dictate the data management standards. Agile deliveries, seeking 'quick and dirty' wins, often neglected to capitalise or use existing enterprise data management frameworks and standards.
In a rapidly evolving environment, companies may find multiple processes and business units working in pockets for the same data domain or similar purposes, tending to define their own standards for management of data. This results in overlapping and duplicated processes and resources. If, for example, there are 20 processes scattered across 20 systems dealing in isolation with data acquisition, data profiling and data quality, should there be data anomalies, the company would have to look for and fix it in 20 places (that is after confirming which of those processes are correct or incorrect). Not only is this inefficient, it causes inconsistencies and mistrust.
Play by the rules
In contrast, effective management of the data from creation to destruction, within the parameters of the data governance framework, would ensure data has the same rules across the enterprise, regardless of the business units or processes utilising it. This effective management is in line with GDPR compliance, which also demands clear audit trails on personal data collection, storage, recall, processing and destruction.
The realities of business today introduce the risk of standards not being applied.
The five steps that make up the model for GDPR can be implemented or articulated with an effective data management life cycle (DMLC) process. The DMLC is the key to articulating (or mapping) the data rules, conditions and standards in context of data governance practice.
Properly governed, each data set/theme/entity can have a DMLC process, with each stage on the DMLC having specific rules with regards to the management or handling of the data. This can then be applied consistently, from one place, across all systems and business processes where it may be created, used and destroyed.
A key enabler for this is metadata management. As companies see the importance of more effective governance and data management, metadata management as a priority is coming through strongly, since it shows the lineage of the resources to support change management and new projects. It also allows for economising and re-use of information or data resources and artefacts.
With regulations such as POPIA and GDPR, the focus is on data quality, governance and security, and lineage is key to all of these. This lineage relates not just to tracking the change history of the data content, but also to the definitions and structure of the data. Companies need both effective metadata management and the DMLC process.
Seeing that business is taking the lead in many instances, it is also well placed to lead in terms of standards for DMLC and data governance rules, while technical teams (including architecture and IT) are tasked with implementing them.
Defining data standards and rules is not only a technical task; it also requires an understanding of the data and a grasp of business requirements and legislation. Serving as translators between business and technical, the governance teams, whose role has evolved strongly over recent years, must articulate GDPR requirements and map them to the data domains, systems and processes, ensuring the company is able to prove governance and compliance, not just on paper, but in practice.
Mervyn Mooi is a director of Knowledge Integration Dynamics (KID) and represents the ICT services arm of the Thesele Group. His competencies and focus is within data/information management and governance.
Mooi has been in the ICT and data solutions industry for 38 years, beginning his career as an operator at the CICS bureau in Johannesburg in the early 1980s. Thereafter, he was appointed as a programmer at state-owned oil exploration and production company SOEKOR.
In 1986, Mooi joined Anglo American's head office ICT department where he remained for almost 12 years. Here he progressed to become a senior programmer, analyst, database administrator and technical support specialist. After completing his degree in informatics, he then left to join Software Futures, where he worked as a senior consultant for 18 months in the data warehousing and business intelligence arena.
Mooi joined KID in 1999 as a data warehouse and business intelligence specialist. His experience in ICT disciplines includes operations, business and systems analysis, application development, database administration, data governance/management, data architecture/modelling, software support, data warehousing and business intelligence.