General Data Privacy Regulation: Imagine This

General Data Privacy Regulation is complicated. Consider this brief exercise in thought:

Imagine a typical morning

You arrive at work, boot up your computer, open your email, and see…

Hello,

I’m writing to request a copy of all the personal information your organization holds regarding my person as well as information on how you store and process it, in line with my rights under the recent General Data Privacy Regulation.

Find attached the necessary documentation to prove my identity. Should you need additional material, I can be reached at this address.

Be aware that I expect a reply within the month as required under Article 12 of the new regulation. If you fail to properly respond, I will not hesitate in bringing this before the proper authorities.

Sincerely,

Your customer

How do you even begin responding to something like that?

Information may be power, but it’s also a liability. It’s vital that your organization locates all relevant data held on its systems when handling General Data Privacy Regulation subject requests; that includes irrelevant data located across disparate data stores. While searching each system for the customer’s name might provide the bulk of the requested information, it’s not enough. Stray IMs, decade-old emails, and half-finished documents are all subject to these requests, too. Despite the difficulty, all of this unmanaged redundant, outdated, and trivial information (ROT) will be subject to GDPR requests.

Almost two-thirds of global organizations find themselves unprepared to comply with the GDPR, according to a recent Osterman research study, a fact that is hardly surprising given the complexity of today’s corporate data environments. With potential fines in the million (or even billion) euro range, managing unstructured (customer and employee) data needs to be a priority.

At the very least, organizations affected by the General Data Privacy Regulation must be able to respond to these requests. If you received this email today, would you be prepared?

If not, it will cost you.

Get Ready for General Data Privacy Regulation

ZL File Analysis and Management (ZL FAM) can help you take the first step towards General Data Privacy Regulation compliance. Unlike other solutions, ZL FAM allows you to index content across the entire enterprise, search and analyze data so that you can take action on it in place. Click here to find out more.

compliance GDPR information governance privacy subject request

As a content and events specialist at ZL, I work to bring the glamorous allure of information governance to the world. As a native Virginian and temporary Tennessean turned Californian, I’m permanently fascinated by life on the west coast. Although I miss SEC football and four distinct seasons, I’m in love with redwood forests and bubble tea on every corner.