There other options than “scorched earth” says Rocket Software director Martyn Davies
Data as a currency is central to the modern economy and its control and protection have become an ever more pressing concern for governments, businesses and individuals.
With the EU General Data Protection Regulation (GDPR) placing data protection at the centre of all business infrastructure from the outset, some organisations have decided to throw out all their old databases and move everything onto the cloud, in an attempt to consolidate personal information records and achieve compliance.
There are a number of reasons why this may be inadvisable. Firstly, it’s an enormously expensive undertaking. Secondly, it’s very risky; moving large volumes of data makes the chances of losing or corrupting some of it extremely high.
To minimise the risk of losing personal information, best practice often involves making – and keeping – copies of databases. Rather than solving the problem of data management, this approach can actively exacerbate it – so, what can businesses do instead?
Modern Solutions to Modern Problems
Instead of adopting a “scorched earth” approach, there are many ways of modernising data management and carrying out digital transformation without taking the risk of losing or damaging customer records. Using APIs, you can access and analyse your data through web and mobile applications. This real-time access to data makes modernisation cheaper, easier, and less risky. It also removes rigid “green screen” based workflows, making the user experience much simpler. API tools can also allow you to implement role-based access, which means you can identify specific individual users and manage their access to data, keeping the entire process fully secure.
Access your data virtually
Another option worth considering is the use of data virtualisation tools. These tools can enable the analysis of data “virtually,” while leaving the original records undisturbed in the database. Virtualisation makes it possible to access multiple databases simultaneously, solving the problem of accumulated repositories. Not only this, but you can also extract data from unstructured data sources in “green screen” terminal-based applications, by emulating the terminal data querying, in an automated process that accesses data and then encrypts it as it is transferred to a new system.
Automate your Workflow
Many organisations spend 20-30 per cent of their IT budget on compliance audit reporting and preparation. Application Lifecycle Management (ALM) tools can help companies in regulated industries, such as banking and financial services, to document their development and release processes, while also creating dedicated reports just for auditors.
Put Agreements in Place
The additional challenge brought by the GDPR is that your organisation must now also consider how each of your partners, sub-processors and contractors are handling your customer data. Every transaction must be completely transparent under the GDPR and customer permission must be obtained explicitly to share data with third parties. The new headache facing any organisation which outsources its data processing, therefore, is how on earth to police the management of information by partners.
Much of the solution to this challenge is due diligence and contractual agreements: you must be able to demonstrate that you know your partners’ procedures and security measures and that your agreements with them are legally binding. Managing your contracts to ensure that they cover every stage of the data’s journey is no small task – investing in software to help with this is crucial.
Compliance – An Opportunity not a Threat
Regulations such as the GDPR are being seen by too many organisations as a colossal problem, creating work and requiring financial investment. In fact, regulations codify good practice in data management and offer customers visibility over their own data. They do, however, need to be taken seriously. Organisations must be able to manage customer records securely and effectively and be confident that their partners are doing the same. Those that do will benefit from data that is not only held securely and compliantly, but which is managed more effectively. And that is best for everyone.