Dark Data – the accident waiting to happen?
As businesses make more and more use of personal data to deliver their products and services, the quantities of personal data stored by organisations have undergone dramatic growth, at least doubling in volume every year. This personal data has increasingly become a commodity which businesses value and require, making it an attractive target for hackers, blackmailers and thieves.
Vast quantities of “dark data”, (data residing in unstructured content) pose a serious challenge as organisations around the world struggle to meet their GDPR obligations and avoid the reputational and financial fallout of non-compliance.
Discovery and processing are fairly straight-forward with structured data, but dark data is more complex to search and identify.
The GDPR defines how customer data must be managed, not just for European companies, but for any company doing business in Europe or with European customers. Under GDPR, data subjects have an explicit right, a ‘Subject Access Request’ to receive a copy of his or her personal data and to demand its rectification and removal of it, if they choose. When the same data is requested by a court and cannot be located, the costs escalate.
The critical issue here is that the regulatory basis of GDPR presumes organisations know exactly what data they hold, making it crucial to understand where personal data might be darkly hidden away in remote or forgotten repositories or unstructured, even unsearchable, formats.
> Read more about GDPR Risk Assessments
The GDPR also imposes both direct and indirect obligations on third-party data processors, such as cloud-storage providers, business services and data centre operators, to comply with the same requirements that apply to controllers.
Data controllers will be under strict obligations for the protection of personal data both in their own right and when transferred to data processors and other vendors. Data processors are now open to direct action for failure to meet the requirements of GDPR, even when acting as a third party.
But when it comes to its unstructured data, most organisations have very little insight into their unstructured data stores. This is a real risk and a significant challenge.
However, getting dark data into compliance with the GDPR also offers a much more positive outcome – the potential to transform an organisation into a truly data-driven business. Recovering and managing the dark data content of unstructured documents will promote better decision-making, provide more efficient customer service, and reveal new opportunities to generate revenue and efficiencies.
But most importantly, getting a handle on unstructured personal data will ensure that dark data ceases to be the ‘accident waiting to happen’, which jeopardises both your bottom line and reputation.