GDPR was a tsunami for businesses across the globe. And now that it has crashed upon the shore, the search to locate and secure personal data has become paramount. Since many businesses are not quite up to the task, here are eight strategies that can assist in the identification of personal data:
Looking For Documentation. This might seem intuitive, and you would be right. The problem comes when considering that only the most basic of systems will be able to use this to find consumers’ personal data.
Manual Investigation. Again, smaller systems will be able to do this; however, the larger the system, the more labor-intensive this becomes.
Turning to Application or Technical Specialists. Since the application and underlying data model are no doubt more technical than a manual investigation would allow, seeking out a specialist is the right move.
Hiring External Consultants. Similar to technical specialists, you are outsourcing expertise. However, there can a drawback: often, there is a cost associated with a consultant getting up to speed on your particular data landscape.
Metadata-Driven Software Approach. An intriguing approach is to use analytics to find the metadata associated with the personal data in order to locate it. This approach is often much quicker than others.
Intranet or Internal System Search. Performing basic searches using existing tools in applications that house customer/consumer data.
Best Guess and Hypothesis Testing. While it sounds like statistical testing, this approach is predicated on observations and insights, and is frequently inaccurate as a result.
Turning to Software Vendors. Using new GDPR and privacy compliance tools for data mapping and data inventorying.