Back on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect, meaning all organizations that offer goods or services to European Union residents, or collect consumer data within the region, are now required to comply with the regulation.
Yet GDPR compliance is an ongoing challenge for organizations. According to a study from McKinsey, “few companies feel fully compliant”: as many as half, feeling at least somewhat unprepared for GDPR, are using temporary controls and manual processes to ensure compliance until they can implement more permanent solutions.
One of the biggest risks to GDPR compliance is unstructured data. That’s why, in this blog, we take a look at what unstructured data is and the risks it poses to your company’s GDPR compliance processes.
Firstly, what is unstructured data?
Unstructured data is all of the information that a business stores that isn’t structured inside predefined data classifications. This type of data is sprawled across the organization in emails, PDF files, video, audio and image files, social media, communication software, as well as text files.
The amount of unstructured data stored by businesses today is huge, and it’s growing fast.
It’s estimated that unstructured data makes up 80 percent or more of enterprise data, and is growing at the rate of between 55 percent and 65 percent per year. Without the tools to gain visibility into, and organize, this data, businesses are running the risk of noncompliance with GDPR.
So, what is GDPR?
In essence, GDPR was created to give consumers easier access to data that companies hold about them, and makes it easier for consumers to ask businesses to delete that data.
It’s the toughest privacy and security law in the world, setting strict guidelines on how businesses can collect and process personal information from individuals who live in the European Union (EU).
To be compliant with GDPR, organizations must think carefully about how they collect, store, share and delete data. Failure to comply could result in steep fines, costing a business 20 million (euros) or 4 percent of their annual turnover, whichever is greater.
Why is unstructured data a risk for GDPR compliance?
The first step for any business that needs to ensure compliance with GDPR is to locate all personally identifiable information (PII) of EU citizens through data discovery. This will give the organization insight into where the data is being stored, why it is being processed, who has access to it and who it is being shared with.
The problem is, unstructured data can make this difficult.
Unorganized and unclassified data represents a major challenge when it comes to complying with the requirements of GDPR, and most organizations completely lack visibility into whether this data even exists within their business.
This can make complying with GDPR incredibly difficult. For example, if a consumer asks your organization to enact their “right to be forgotten”, which under Article 17 of GDPR means individuals have the right to have personal data erased, then your business needs to know where that data lives.
If you can’t find that data because it’s unstructured and you lack visibility, then you are failing to comply with GDPR requirements.
Are you interested in regaining control of your unstructured data? Read our blog - to learn how your business can gain visibility into unstructured data. 4 Tips to Help You Get a Handle on Unstructured Data Sprawl
Alternatively, watch the free demo of the innovative Cavelo data discovery platform and learn how we can help you uncover sensitive data and build an inventory of all personally identifiable information across your organization.