Most small businesses will be aware that a data breach has the potential to wreak havoc, and high-profile cases like the TalkTalk data hack in 2016, which saw the data of 157,000 customers being stolen, highlight how serious the consequences can be.
How and where businesses store data, how it’s accessed and the permission levels around it will fall under greater scrutiny with the introduction of GDPR in May 2018, yet many are not prepared for it. Data management and governance need to be a core component of business strategy, as they affect every part of the business.
Starting with a full data audit is recommended as it will give valuable insight into what data you hold, and can quickly highlight changes you should make immediately. Organisations might feel they know exactly what data they’re responsible for, but in many cases, information can be spread across multiple platforms and systems, both virtual and physical, and it’s easy to overlook some sources.
Once the audit is complete, businesses can begin the process of categorisation of data, and consider what their broader organisational needs are. For example, they might be looking to create a data hub to manage customer relationships, or they might experience issues with data quality that need to be addressed. Requirements for data management strategy vary significantly, but there are a number of common considerations:
– What sources of data are there?
– How much data is there (new and existing)?
– How long should data be retained for?
– How valuable is the data?
– Who needs to access data and where should you apply restrictions?
– What devices will employees use to access data, and where will they be accessing it from?
– What is the data’s place in the data lifecycle?
– What do we want the desired outcomes of the new strategy to be? (eg reduced overheads, being more compliant, efficiencies in capacity utilisation)
Once these questions are answered, businesses will have a clearer picture of the data they hold, and where it belongs in the data lifecycle. The categorisation process also helps businesses to delete anything they no longer need. This in itself will help them prepare for GDPR, which enforces tighter rules on the scope of data that can be retained and how it’s stored.
There are tools in place which help to automate data management, and although they can prove very useful, it’s important that organisations ensure proper training around them; as human error is still the biggest source of security breaches today. Equally, each department should understand the link between good data management and positive business performance, which will help gain buy in and momentum as you implement the new strategy. This education process also helps cement data ownership across the company. If a department is responsible for a specific data set, and they understand why compliance and management is a priority, they are likely to take the ownership more seriously and consider it more within their day to day role.
Finally, agreeing KPIs for the new strategy is crucial. Most businesses will define a data management strategy because they are concerned about cost, compliance and performance, so desired outcomes should reflect this. If your business wants to drive down overheads, or improve system capacity, put some key metrics against this so you’re able to properly determine success, and if necessary, adjust it according to business need.
Ultimately, if your data management strategy has been well designed, your organisation should enjoy reduced costs, greater agility and efficiency, and importantly, increased confidence about compliance. Although it can be a lengthy process, these benefits make it well worth the time investment.
Andy Hinxman is director of Keybridge IT.