March 13, 2018

Why Does Your Business Need a Data Protection Officer?

Rose de Fremery

The data protection officer (DPO) is not a new position in terms of responsibility. In fact, some companies have had a chief security officer and chief data privacy officer on staff for many years. However, under the General Data Protection Regulation (GDPR), many businesses will be required to appoint a DPO, regardless of their size. The DPO will have a large portfolio of responsibilities, including overseeing all data protection issues, monitoring the company’s compliance with the GDPR, dealing with regulatory authorities who may inquire about the firm’s GDPR compliance, and managing privacy risk assessments and internal audits.

Why Your Business Needs a Data Protection Officer

Any business that must comply with GDPR will have to hire a data protection officer because regulators will require a single point of contact they can engage with when evaluating an organization’s compliance. Just as a chief financial officer (CFO) serves as a liaison for investors alongside the CEO, a DPO will serve in this capacity when the organization interacts with regulators. With a DPO charged with GDPR compliance, it will be easier for both the organization in question and the regulators to ensure that requirements are being met.

From the regulators’ standpoint, it will be easier to assess compliance across businesses of different sizes and verticals, because the DPO will always have the same charter and set of responsibilities across all companies. When a regulator comes into a business and speaks with a DPO, he or she will ask that person to present a comprehensive assessment of all the company’s customer data, including what’s been collected and where the data sources are located. Having a consistent point of contact who oversees assessment and is responsible for having the controls in place will streamline the process for all involved.

The DPO’s Role

Since the GDPR gives the customer the right to ask a company to delete his or her customer records, a DPO must put data governance and security infrastructure in place in order to trace any interaction that a customer has had with the company. Most of us tend to think of customer data as simply residing in customer relationship management (CRM) or transactional systems that house information on products and services that customers have purchased. However, if you send an email to a company inquiring about the status of an order, or have a phone conversation with a customer service representative that’s recorded, these are sources of data about a customer. To make matters worse, these systems are often not connected. Demonstrating compliance with GDPR can be incredibly difficult if it turns out that the company does not know where all of a person’s records reside within its various systems.

The DPO will be responsible for making sure that the company is able to fulfill this requirement. For that to be possible, the DPO needs to have a good sense of where all the possible sources of customer data are within the organization. This means the DPO must put in place an IT infrastructure that is capable of discovering and assessing data sources that are both structured and unstructured, such as email messages, database records, phone conversations with customer service representatives, and more. This infrastructure also needs the functionality to classify this information according to whether it creates privacy concerns or is sensitive in some other way.

After the business has labeled or tagged this data, it can apply various policies to customer records. Given the volume and scale of data that could be involved, the company will likely need an automated mechanism to identify, tag, and catalog the data, and then apply the relevant policies that may be required, such as access or security policies. Consolidating data from siloed systems into a unified platform will certainly be helpful in this regard.

Keys to a DPO’s Success

Obviously, a DPO will be considered successful if he or she can guarantee compliance with the GDPR. If you unpack everything that the GDPR encompasses, this may prove to be a far more formidable challenge than it might first appear on paper. For example, certain provisions of the GDPR are extremely broad and can be interpreted in multiple ways. One concisely written requirement could, in fact, mandate that the DPO review all systems within the organization and confirm that they have been built from the ground up with security and privacy in mind, possibly touching on disparate functions of the organization, such as product development and systems development.

A DPO will need strong leadership skills, sharp business acumen, and enough technical experience to bring together various parts of the organization to ensure proper compliance. It will also be crucial for the DPO to have a seat at the organization’s leadership table. This officer must be vested with considerable authority to provide the information that regulators request and implement the changes they require. The DPO will also counsel the organization on how to adapt its practices, processes, and systems to better comply with GDPR regulations. The DPO’s role should be closely aligned with the CEO and CFO, reporting to the highest levels of management.

Lastly, any business bound by GDPR—and consequently its DPO—will need experienced technology partners with deep subject matter expertise. These partners should bring the right set of technology solutions and best practices to the table, whether that involves conducting a risk assessment or structuring customer data to better comply with the GDPR. With the benefit of this guidance and an empowered DPO leading the way, your company can rest assured that it is meeting its regulatory obligations while enabling the tremendous business opportunities that big data generates.

To learn more about the GDPR, download this on-demand webinar.
