When we think of data privacy regulations and how they affect today’s organizations, most people first think of GDPR—the European Union’s General Data Protection Regulation—which went into effect in 2018. In reality, though, GDPR was far from the first. Some twenty years earlier, Great Britain’s Data Protection Act (DPA) of 1998 was designed to “protect personal data stored on computers or in an organized paper filing system.” In terms of modern data privacy and compliance (DP&C) law, however, GDPR certainly wasn’t the last. In fact, GDPR had barely gone into effect when California’s CCPA and Brazil’s LGPD were signed into law.
But the list continues to grow. Since GDPR, CCPA and LGPD, various countries have enacted or are working on new DP&C measures—for example India’s DPB—as have various states, provinces, and municipalities. While each of these regulations originates with a specific government body, their impact on organizations is truly global. They affect every organization, regardless of location, doing any kind of business with any citizen or resident in their respective jurisdictions. Most DP&C regulations have core tenets in common (we’ll discuss these in detail in this blog over the coming weeks), but each one also has its peculiarities. This, in turn, can lead to an endless cycle of IT projects aimed at keeping up with one regulation after another.
As if compliance with multiple DP&C mandates isn’t difficult enough, the core challenge is in your data management itself. A typical enterprise has dozens or hundreds of data sources—databases, the cloud, and big data systems—across which customer data is fragmented. That makes it nearly impossible to get timely access to all the customer data you need for compliance, whenever you need it. And controlling access to all those data sources is nearly impossible with custom point-to-point integration solutions, especially when the requirements for compliance are always growing and changing.
Why traditional data management and Big Data fail with DP&C
If app-to-app integrations are cost-prohibitive and require constant maintenance, big data solutions such as data warehouses and data lakes fail for other reasons. These solutions may be okay for after-the-fact analyses and insights into macro trends, but they don’t work for real-time operations which involve specific customers. For many compliance requirements, customers and support staff need access to current data in real time, not whenever massive queries and table joins from a warehouse get around to it.
For one thing, a customer support rep can’t afford to wait for minutes to retrieve all the data for a single customer who is waiting on the phone or a chat line (the same is true if the customer is trying to access their information via a web portal or mobile app). For another, the data they do retrieve from a warehouse is only as recent as the last update—and rarely are all enterprise databases updated at exactly the same time. Worse still, if the customer or support rep needs to update some of the customer’s information, that data has to somehow be propagated back to all the source applications—something a data warehouse isn’t designed to do.
Digital entities—an innovative approach that simplifies compliance
A new approach to data management can bridge the gap between the worlds of application-centric data sources and big data warehousing. K2View’s Digital Entity model provides a holistic, digital representation of a person, place or thing recreated from every piece of its data from across all your enterprise applications and data sources.
Every digital entity—in the case of data privacy, a customer—is unique and securely encrypted in its own, individual micro-database. Instead of having to perform complex queries and joins on millions/billions of rows in a data warehouse, a digital entity provides a single point of access and control for each customer’s data, no matter how many backend data sources it may come from. And because digital entities provide two-way connections to the original data sources and systems, updates to a digital entity can be propagated back to the original sources automatically.
Digital entities enable organizations to embrace the key benefits of DataOps—agility, security, and holistic access to data—and compliance with existing and future data privacy regulations is a perfect application of this. K2View data privacy solutions—like all K2View solutions—leverage the single-source access and control of digital entities to implement compliance-specific features—such as customer data archival and erasure upon request, for example—without requiring complex queries or customer integrations with backend systems, databases, and data warehouses. And because digital entities are always up to date (unlike data warehouses), these features can operate in real time, providing both customers and support teams with the right data at the right time.
First solve the data problem, then DP&C comes naturally
As we often say here at K2View, you don’t have a systems problem, you have a data problem—and that’s as true of data privacy as it is for most other enterprise data management challenges. First solve the problem of providing a single, central point of access and control to every bit of a customer’s data—no matter how many sources in your enterprise in which it resides—then you can provide a single solution to address the requirements of any data privacy regulation.
Is your organization ready to effectively handle all DP&C regulations? Find out by downloading our latest eBook, Surviving the Avalanche of Data Privacy and Compliance Laws.