Compliance with personal privacy requirements and industry regulatory demands has always been one of the greatest challenges for data management and data governance. In recent years, however, this topic is receiving more media coverage and even making significant progress in government legislatures, such as the European General Data Protection Regulation (GDPR) that’s promising heavy financial penalties for noncompliance. Achieving – and maintaining – compliance requires the right tools and the right approach. But what else? Let’s first examine the tools and the approach.

Platform

Gone are the days when enterprise data management and governance tasks can be orchestrated with a patchwork quilt of disparate tools and applications that share limited, if even existent, connectivity and communication. Which is why the industry has been evolving over the past decade to embrace enterprise technology platforms with seamlessly integrated components offering end-to-end solutions for data integration, quality, management, stewardship and governance. These business-empowering suites provide robust functionality with easy-to-use and role-based interfaces tailored to the specific needs of different users, such as business analysts, data stewards, application developers and system administrators.

These platforms also provide built-in reporting and data visualization capabilities, helping to make the correlation between poor data quality and suboptimal business processes more tangible, especially for executive management. Perhaps the most important characteristic of these platforms is the shared metadata services that make it much easier to create a business glossary, track data lineage, monitor data quality, define governance policies for sensitive data, and implement data management processes to protect and control the access, and level of access, to sensitive data.

Strategy

The need for compliance is a reflection of the need to manage data as a strategic corporate asset. This means an effective, and evolving, IT strategy is a necessity, especially to prepare for new technologies like Hadoop, implement data storage and deployment improvements via cloud computing, and embrace advances in data-driven decision-making through analytics. A solid enterprise data strategy is also needed to provide a road map for how the organization can harness the business potential of data while still protecting customer privacy. An effective enterprise data strategy has to be tangible and applicable to the organization’s daily business activities. Data strategy also has to be connected and integrated with IT strategy, and of course evolve with it.

What else?

Platform and strategy (i.e., technology and process) are essential to compliance. But if that’s all it took, it would be relatively easy to achieve – and maintain. The "people" factor is the oft-cited other side of the triangle that complements process and technology in all enterprise endeavors. It’s no different with compliance.

Compliance will require both a top-down and bottom-up commitment from people throughout the organization to maintain the level of privacy and protection necessary for both corporate compliance and personal privacy. Executive management needs to advocate for compliance becoming a cultural norm within the organization. And regardless of their different enterprise roles, employees must take responsibility to minimize the exposure of sensitive data as they complete their daily activities.