GDPR: What’s lurking in your unstructured data?

October 27th, 2017   

GDPR: What's lurking in your unstructured data?

Unstructured data is the collective name for the information that your organisation creates, and keeps, to help it carry out its primary tasks, but isn’t in a recognisable structure or contained in a database.

It is made up of your documents, presentations, PDFs, emails and multimedia content sitting in file shares and ECM legacy platforms. It’s the information created by members of staff either as a part of a process, or as supporting information to assist in completing a task.

Organisations will usually have lots of unstructured data. In fact, it’s thought around 80-90% of corporate data is unstructured. So, the difficulty is knowing what this information is, why it was created, what it contains and perhaps, most importantly, what value it holds for the business.

In other words, unstructured data poses several challenges to an organisation.

The Challenges of Unstructured Data

The first challenge is that there are risks involved with holding data longer than it needs to be kept, or on the flip side, not keeping data for as long as required by legislation. Most industries, from government, to health, to finance, all have policies that stipulate how content should be retained over time.

Secondly, the cost of storing this data becomes a financial burden to the organisation. Even though the raw cost of storing data is reducing, the exponentially increasing volume of this data means the cost to the organisation continues to rise – rather than fall.

Due to the historical challenge of managing unstructured data, most organisations have invariably put the problem of solving it on the back-burner. And, therefore, taken the uncalculated risk of hoping they don’t fall foul of any legislation, rather than address it.

However, with the General Data Protection Regulation (GDPR) coming into force in May 2018, organisations need to act quickly.

An organisation’s unstructured data will contain personally identifiable information (PII) such as names, addresses, dates of births, driving licence numbers and National Insurance numbers.

Think about all the information your organisation holds on your existing staff, customers, clients, potential employees’ (for example CVs), or even people who visited a trade show and gave you information for just one particular purpose. How much of that is personal data?

Understanding what data you hold and managing it is important, not only for good practice and to ensure business continuity, but now to meet the GDPR compliance and regulatory requirements.

Mismanaging the retention of data significantly increases risk for the organisation, so identifying and properly managing your data will greatly reduce this risk.

The last challenge of unstructured data also typically results in information silos and reduced productivity. Searching for information has been identified as one of the largest productivity losses for employees.

A lot of this wasted energy is due to information being hidden within reams of redundant data, it is filed inappropriately or it is not available through search. For example, information stored in only the receiver’s inbox, with others unable to access it, creates an information void.

Catalyst for change

There is an opportunity to see GDPR as the catalyst for positive business change, rather than a daunting regulation. This opportunity allows the organisation to check the GDPR box while increasing productivity, compliance and reducing risk and cost at the same time.

On average, 60-80% of the unstructured data most organisations are paying to store is not needed.  Perhaps the document’s retention period has passed, an employee has left the company or the report’s content is outdated. This data is known as DROT, because it is duplicated, redundant, obsolete or trivial information.

Therefore, options for business change might include cleansing the data that is no longer required, either deleting or archiving the Terabytes (and even Petabytes) of information to substantially cheaper storage in the Cloud.

There’s never been a more important time for organisations to have a comprehensive overview of what information they hold, process and store. Just one of the things organisations should have in place before the GDPR deadline includes an Information Asset Register. This can help organisations to map the data assets within their business, and to alert them of expiring retention dates.

With an Information Asset Register in place, organisations will have a better understanding of how to manage their information, such as migrating some of it to the Cloud.

Moving to the Cloud

Many organisations have long been considering a move to the Cloud, but traditionally, one concern was around how secure the information would be once it was, ‘there’.

Microsoft, with its Cloud platform Azure, has committed to GDPR compliance across all Cloud services when the EU data privacy regulation comes into play next year. Not only that but Microsoft’s Azure platform has a broad range of security certifications including ISO27001.

The benefits are well documented, not only lowering costs of storage, as mentioned, but the scalability of Cloud platforms and being able to work from anywhere at any time.

By removing silos and making all the data of value available in a platform where users can easily work and collaborate, you’re not just enabling your employees to become more productive, but also more effective.

What’s the solution?

At Automated Intelligence we specialise in helping organisations take control of their unstructured data.  Our ground-breaking solution can analyse what data is being stored and intelligently migrate it to the appropriate cloud-based ECM and cloud storage platforms.

The remediation, migration and archival of unstructured data reduces cost and risk, while increasing information governance and productivity.

The time to find out what’s lurking in your unstructured data is now – before GDPR comes into play.

This article originally appeared on SYNCNI