Imagine a typical morning
You arrive at work, boot up your computer, open your email, and see…
I’m writing to request a copy of all the personal information your organization holds regarding my person as well as information on how you store and process it, in line with my rights under the recent General Data Privacy Regulation.
Find attached the necessary documentation to prove my identity. Should you need additional material, I can be reached at this address.
Be aware that I expect a reply within the month as required under Article 12 of the new regulation. If you fail to properly respond, I will not hesitate to bring this before the proper authorities.
How do you even begin responding to something like that?
Information may be power, but it’s also a liability. When handling General Data Privacy Regulation subject requests, it’s vital that your organization locates all relevant data held on its systems, including seemingly irrelevant data scattered across disparate data stores. While searching each system for the customer’s name might provide the bulk of the requested information, it’s not enough. Stray IMs, decade-old emails, and half-finished documents are all subject to these requests, too. However difficult it is to find, all of this unmanaged redundant, outdated, and trivial information (ROT) will be subject to GDPR requests.
Almost two-thirds of global organizations find themselves unprepared to comply with the GDPR, according to a recent Osterman Research study. That is hardly surprising given the complexity of today’s corporate data environments. With potential fines in the million (or even billion) euro range, managing unstructured customer and employee data needs to be a priority.
At the very least, organizations affected by the General Data Privacy Regulation must be able to respond to these requests. If you received this email today, would you be prepared?
If not, it will cost you.