In light of the European General Data Protection Regulation (GDPR), companies have been dealing with their data more intensively than ever before in recent months. However, the GDPR and data protection are not an issue that can be considered a done deal and ticked off with the deadline of May 25, 2018. Companies must do something to ensure that they remain GDPR-compliant and ensure that they fully exploit the potential of their data within the legally justifiable framework.

This brings classic data management topics into focus, which have often been dealt with in the background until now. Data quality, data integration, data availability or traceability of the origin of data (data lineage) are aspects that are of the utmost importance in order to keep your own database clean and secure. This is also the prerequisite for being able to combine and analyze data in a meaningful way. Data governance is the term under which all this can be summarized and which has been expanded by one facet through the GDPR.

Identifying personal data
Much has been written about the GDPR in recent months. Nevertheless, it is worth taking a brief look at it, especially when it comes to business practice. The GDPR has been in force since 25 May 2018 and applies to companies and organizations that handle the personal data of European citizens - in other words, to everyone. Nevertheless, most companies did not necessarily feel that they were on the safe side until shortly before the law came into force: at the beginning of the year, software manufacturer SAS asked companies in the USA and Europe about their GDPR maturity level. Only eight percent (USA) and five percent (Europe) were convinced that they were already GDPR-compliant. And only eleven percent of all respondents expected to be compliant by the deadline of May 25, 2018.

A few weeks on, we know that the big wave of warnings has (so far) failed to materialize. And a significant number of companies have done their GDPR homework on time. However, certain issues remain on the agenda. The SAS study revealed that the biggest challenge for companies is something that seems quite easy at first glance: the identification of personal data. Fortunately, there is special software that helps to locate personal data and efficiently and automatically map other GDPR requirements, such as documenting data flows and data origins.

Fragmented data landscapes
This software does nothing to change the basic constellation that makes data governance so complex. In the typical data landscape of a company, the data is firstly not uniformly located in one place, and secondly it is linked to each other in many different dimensions, not consistently, but only on an ad hoc basis, i.e. via interfaces that serve a specific purpose. The reality is therefore often a web of data that only provides a limited overview of the data, its origin and its relationship to one another.
However, it would be desirable to have a central data management instance that can be used to monitor and control data and data governance in such a way that employees in the specialist departments can work with all the data available to them easily, securely and worry-free. An end-to-end platform approach, such as that offered by SAS, is helpful in bringing together data from a wide variety of sources - whether structured or unstructured, from cloud or in-house systems. Such a platform covers all steps from data preparation and management to data analysis. In this way, companies can establish an end-to-end strategy that ensures data governance and compliance with data protection regulations.

Data governance - the core of every data strategy
Data governance is not new. But it has become more important with the GDPR and tasks have been added: Companies must now prove where and how data moves. Data must be made traceable - both when it is created and when it is processed. Data scientists, i.e. the professional users of this data, must then ask themselves whether they are allowed to use certain data at all. Can I integrate it into my model? What requirements and restrictions apply? And they have to demonstrate how they arrive at certain decisions and prove that they only use data in the specified way.

Data protection creates a treasure trove of data
Data governance is often seen as a cumbersome corset, but it also creates opportunities. With consistent, system-supported application, everyone involved benefits from an overview and traceability - increasing productivity and more efficient collaboration between departments (specialist departments, IT) are the logical consequence. According to the GDPR study, 84% of all respondents (91% in the EU) expect the new regulation to improve their data governance. 68% see the potential to strengthen trust between them and their customers. They also hope for a higher quality of personal data, a better corporate image and further development towards a data-driven company.

So what may initially appear to be a restriction should be seen as potential for optimization in a wide range of business areas. However, business cases can only be applied if data protection is under control. Companies can only realize the full potential of data if they handle it confidently. To do this, they simply need to understand and apply the GDPR correctly. And with a stringent data strategy that takes the aforementioned points into account, companies create the basis for EU GDPR-compliant data processing.

GDPR-compliant data sets lead to added value
In times of cloud and "as-a-service" models of all kinds, companies' data landscapes are becoming more complex rather than simpler. Managing all this data in a GDPR-compliant and value-creating way is therefore an enormously important factor in making companies powerful and economically successful. If, in future, data is processed exactly where it is generated, for example on smartphones, on board vehicles or integrated into machines, then data protection and data security must also be applied locally. And this will only work with a central platform that coordinates all data sources and analysis processes. One that recognizes personal data during processing and supports the user in handling it correctly.

6 points on modern data management
The GDPR places special demands on data management in connection with data-based business processes and models. These can be summarized as follows:

1. Data management must be agile and ad hoc. The days of rigid data strategies and overnight batch processing are over. In addition, the user should have all data available and be able to analyze it without having to think about the result in advance.
2. Self-service data preparation means: the user decides. A solution such as SAS Data Preparation also enables users in the specialist department to prepare data for analysis quickly and easily.
3. Hadoop integration: Data management must bridge the gap between big data and traditional data - logically, technically and in terms of personnel. While data lakes are often used to store valuable but only semi-structured data, customer master data continues to be stored in a classic, audit-proof data warehouse.
4. Real-time processing continuously analyzes data in real time and thus creates the prerequisite for being able to react immediately. Solutions such as SAS Event Stream Processing make the use and processing of data streams possible in the first place.
5. Use of unstructured data sources: Instead of relying exclusively on information from internal company systems such as ERP and CRM - as was previously the case - information such as social media, geo or sensor data is now increasingly being added, often from external sources.
6. Data governance serves to maintain an overview and control. Although it is often seen as a cumbersome corset, it also creates opportunities. With consistent, system-supported application, everyone involved benefits from an overview and traceability.

The author: Rainer Sternecker, Pre-Sales Solutions Architect at SAS DACH