Carl D’Halluin, Chief Technology Officer at Datadobi.

Regulatory compliance has become one of the most challenging aspects of running an organization.

It doesn’t matter what size you are or what industry you play in. The time and expense that must be dedicated to getting your arms around the regulations that are pertinent to you—and then doing everything necessary to comply with them—can feel like an increasingly complicated, if not impossible, task.

Even with talented, experienced professionals leading the charge, it can still be tough going. GDPR, DORA, CCPA and OHSA are just some of the data privacy, financial and employment regulations organizations are facing.

Failing to comply means fines, penalties and lawsuits. What’s more, regulatory authorities can conduct investigations, impose sanctions and potentially revoke licenses or permits based on the severity of the noncompliance.

These aren’t just little slaps on the wrist. Most of you have likely read about Meta getting fined $1.3 billion for unlawfully transferring personal data from the European Union to the U.S. Likewise, Amazon’s penalties were reported to have been $887 million for violating GDPR in Europe.

It isn’t just the behemoths that are taking hits. Merchant service providers or payment processors may impose a PCI noncompliance fee on businesses that fail to meet the minimum security standards for processing card payments. These fees can range “from $20 every month up to $5,000 or more.” Would your organization be able to withstand these penalties?

To be compliant, companies need to understand, manage and protect their data. It’s about knowing what data you have, where it resides and who accesses it and making sure it’s all handled according to regulatory standards.

Structured Versus Unstructured Data

There are mainly two types of data: structured and unstructured. (There is also semi-structured data, which has elements of both.)

Structured data is organized in a predefined format, such as rows and columns in a database or spreadsheet. This makes it fairly easy to search and analyze (e.g., sales figures, customer details and inventory levels).

Unstructured data, on the other hand, lacks a specific format or organization—making it so much more challenging to manage. Examples include emails, social media posts, videos and other kinds of documents like Word docs, PPTs, jpegs, PDFs, etc.

According to an IDC report sponsored by my company, “more than 80% of the data created over the next five years will be unstructured.” The report also notes that “Enterprises should implement a conscious data management strategy to handle the deluge of data.” And, the report reminds us, “The benefits of an effective data management strategy include reduced IT costs, easier data sharing, better security, less legal exposure, and an improved ability to demonstrate governance and regulatory compliance.”

Unfortunately, this is easier said than done. Unstructured data can be a bear to manage because of these factors, among others:

• Lack Of Predefined Structure: Unstructured data doesn’t have a consistent format or structure—so it’s difficult to categorize, search and analyze using traditional data management tools.

• Variety Of Formats: Unstructured data comes in many forms, including text documents, images, videos, emails, social media posts and more—with each traditionally requiring different methods and tools for processing and analysis.

• Integration With Structured Data: Unstructured data often needs to be integrated with structured data to provide comprehensive insights, but the differences in format and structure have traditionally required specialized tools and processes.

• Storage And Retrieval: Unstructured data requires scalable storage solutions that can accommodate diverse data types. Retrieving relevant data efficiently from these storage systems can also be challenging due to the lack of predefined indexing and categorization.

• Data Quality And Consistency: Unstructured data can be noisy (containing errors or inconsistencies), requiring additional processing to clean and standardize the data for analysis.

At The Risk Of Sounding Like A Broken Record …

Organizations have to get their arms around their unstructured data before they can even hope to comply with regulations. To do so, here’s what those who are tasked with risk avoidance and regulatory compliance need in their toolbelt:

• Data Discovery And Classification: The ability to identify and classify unstructured data allows you to understand where sensitive or regulated data resides.

• Automated Data Tagging And Labeling: Automatically tagging and labeling data based on its content and metadata can enable organizations to apply appropriate compliance policies and controls to protect sensitive information.

• Risk Assessment And Mitigation: These processes and tools assess data risk by identifying data that is noncompliant or at risk of breaches, providing insights into potential vulnerabilities and helping prioritize actions to mitigate risks.

• Audit And Reporting: Detailed audit trails and compliance reports provide the documentation required for regulatory audits, help demonstrate adherence to regulatory requirements and support internal and external compliance audits.

• Data Retention And Deletion Policies: These enable the implementation of data retention and deletion policies to ensure that data is stored only as long as necessary and disposed of appropriately to meet compliance obligations around data minimization and data retention periods.

• Access Control And Monitoring: Data access patterns and permissions should be monitored so only authorized users have access to sensitive data, which is critical for maintaining compliance with access control requirements in regulations.

Organizations should also consider the people and processes that manage the data. If you consider that IT departments typically don’t understand the content or even have permission to inspect the data content, you can see how data management is a challenge.

Data management tools need to empower content owners to classify their data and assist with automated classification. Once classified, content teams can own the actions, collaborating with compliance, legal and policy teams to approve their actions. Likewise, IT teams can execute the deletion, archiving or saving of the data.

Using a coordinated approach helps an organization align with regulations and operational efficiency goals.

Regulations are here to stay. They are growing in number and becoming more complicated. Organizations contribute to a more secure and trustworthy environment for individuals, businesses and society as a whole by adhering to these regulations. And at the end of the day, isn’t that a good thing?

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
