Accelerating GDPR compliance with data removal on a common data platform
With GDPR now in full effect, organizations are scrambling to become compliant to avoid hefty fines, and others are announcing services to help companies get their affairs in order.
At Collaborate 18 in April, we were present to witness Oracle announce the release of their free GDPR Utility called the “Oracle E-Business Suite Person Data Removal Tool”. We noticed that although this tool will enable enterprises to deal with some of the problems around personally identifiable data (PII), it also requires teams to be interactive with enterprise systems to cover the following points:
- Mapping the data landscape, including all downstream processes for the data that resides in the OEBS System
- Building enterprise attributes to enable identifiable personal data to be searched, tracked, and removed or obfuscated when required for compliance
- Interrogation and logging of all enterprise metadata within the data landscape, to enable search for personally identifiable data
- Dealing with non-standard columns within the OEBS system including free text fields and unvalidated description attributes
- Providing a methodology to deal not only with OEBS data, but also any other data in the Enterprise Landscape
- Capability to provide replies to subject access requests as part of the GDPR requirements
Current challenges
While Oracle’s aim is to provide a methodology through the Data Removal Tool (DRT), validating the data prior to obfuscation to ensure there will be no open transactions that would be affected by the data to be obfuscated (such as open orders and outstanding AR balances), it is also noted, however, that it only plans to address payroll, compensation workbench, iRecruitment, iExpenses, AP/PO, and AR/PO. However, Oracle themselves have emphasized that their latest tool is just a small piece of the solution, and that organizations are responsible for a broader solution.
Introducing the Solix Common Data Platform
The Solix Common Data Platform (CDP) is a complete solution that will scan all of your data through uniform data collection of structured and unstructured data, data governance and retention management, data security and access control, enterprise archiving, and data lake and advanced analytics applications — addressing each of the needs and challenges I described above.
To companies worried about the effects and consequences of GDPR (including the possibility of €20 million fines), our first recommendation is to purge all data that is not legally required, since 66% of organizations are unsure if an individual’s personal information is purged from all systems. The Solix CDP can purge data that is beyond data retention, and individual customers’ data as well.
Benefits of GDPR
The upside of GDPR is that it’s a great driver for application retirement and data centralization, in addition to protecting EU residents’ personal information. To learn how we can make the process much easier by helping with data retention and purging data when it is no longer required, contact us.