Keeping Compliant: The Importance of Data Governance
As data usage grows more complex, new regulatory initiatives make compliance an important component of data governance. Yet often, compliance is neglected until news of a costly penalty or violation comes to light. Including compliance efforts in data governance policies is imperative in order to address regulatory obligations throughout the complete data lifecycle.
Regulatory efforts such as Global Data Protection Regulation (GDPR) in the EU and HIPAA in the US healthcare system are just two examples of regulations that impact businesses across the globe. With the amount of data growing exponentially year-on-year, regulatory bodies are vigilant about issuing and updating their rules, restrictions—and penalty fees—for every organization collecting and using data.
Compliance isn’t a new concept, but enforcing rules effectively and consistently has yet to be perfected. Since compliance is hard to monitor, violations are often the point of discovery—and once integrated within a company’s people and processes, non-compliance can become increasingly detrimental. From sizeable fines to damaged trust with consumers, to the loss of brand reputation, a failure to comply can set a business into a lengthy and costly negative spiral.
GDPR in particular provides numerous requirements for the treatment of consumers’ personal data. Traditional “Terms and Conditions” are no longer sufficient to forewarn EU customers—it is now a requirement for consumers to opt-in to denote consent for the use of their personal data. And compliance with these regulations is imperative for businesses. High-profile social media company Facebook, for example, is facing multiple billions in fines from the EU after a security breach in the fall that exposed the photos of 6.8 million users. More recently, a large multinational was fined £44M after regulators found the company to be in breach of GDPR rules over advertisements. And as more businesses are made into examples, GDPR is just the first in a long line of incoming regulations that aim to protect personal data from being mismanaged.
The US healthcare regulation HIPAA provides protection over patient data. Securing patients’ private medical history and health records is of the utmost importance within a the healthcare market. And in 2019 changes are being introduced to make HIPAA more effective and streamlined across the US. Proposed changes include changes include additional protection for patients with mental health conditions (reflecting the current opioid crisis), and allowing patients access to their own protected health information.
Markets in Financial Instruments Directive (MiFID II) is an EU regulatory measure introduced in 2018, and designed for financial services to offer greater protection for investors and transparency into all financial asset classes: from equities to foreign exchange. Set up as a measure to ensure transparency across the financial services industry, the regulation is built to ensure investors are gaining the best deals available. After MiFID II was introduced in 2018, many financial businesses had to revisit and restructure day-to-day operations. As we move further into 2019, MiFID II promises more scrutiny from the EU, and financial businesses are urged to check compliance or risk paying hefty fines. Businesses found to be non-compliant risk fines of up to €5 million, or 10% of their annual turnover.
So, what do regulations and compliance mean for data governance?
Data governance is the way that any business organizes the intake, sharing, and management of data across the organization. Within the world of compliance, data governance details the appropriate handling, securing, and reporting on any data non-compliance or vulnerabilities. Through the data governance framework, an organization is prompted to assess any new data for compliance and maintain consistent monitoring of existing data and usage.
The organization inherent in data governance makes adherence easier to manage and gives managers a real-time view of the business’ level of compliance.
For example, a data catalog is essentially a directory of all data. It serves as a tool to identify and classify all repositories and formats of customer data. Once organized and categorized, data is easier to monitor and manage for compliance.
These are just a couple of components to maintain compliancy. Full adherence requires a thoughtfully planned and executed data governance strategy. To learn more about the different components that every business should consider, please read our latest white paper, “Data Governance.”