Do you ever wonder why complicated words and acronyms are used to explain new laws and processes? Things could be explained so simply without the use of complex words, and in the particularly grey and challenging era we are entering with GDPR, it is necessary to clear the fog and try and make thing as simple as possible!
Does anyone really understand Metadata or GDPR?
GDPR is becoming a real enforceable law on the fast approaching 25th May 2018. Every business needs to be ready!
What does Metadata mean?
Metadata is “data that provides information about other data”. Put simply, from metadata, you can understand what data you hold as a business and the way it is used within your organisation. Metadata also makes it easier to gain access to individual records held within larger databases.
Therefore, databases cannot be managed or analysed without metadata. That’s why this will be essential for GDPR in May.
How will metadata aid your processes with GDPR?
GDPR is aimed at focusing business attention on how data is stored; who has access to that; how secure your sensitive data is; and having the correct processes in place should there be a data breach or a request to eliminate someone’s data.
Therefore, metadata will be of paramount importance in this new process of GDPR. In light of this, you should consider the following points:
- Consent: Consent of use of someone’s data is the highest priority for GDPR and metadata will allow you to administer consent for privacy-sensitive data.
- Data breach: If any of your data becomes compromised, metadata will enable you to see how the file was created; on which date; the name of the hacked filed; and when the breach took place. This information will then need to be used to notify your data protection supervisory authority immediately!
- Data protection officer: For larger organisations, there will be a need to appoint a data protection officer. Metadata will be that officer’s greatest assets in ensuring that the correct measures and processes are in place to protect personal data.
- Privacy is king: Your business will need to ensure that it has taken all necessary precautions and has all the correct procedural measures in place. Metadata will allow you to ensure that all technical measures required are performed in the correct way.
- You own your own data: GDPR gives greater control to the owners of personal data. Their privacy rights have been greatly improved. However, this does mean that businesses (or data processors) will have to react quickly to any request for access to personal data. Metadata will be essential in giving organisations fast access to this information.
- Data processes: You will need to process data properly and securely and be able to demonstrate your processes should you need to. Without metadata, it could make this task exceedingly difficult, so you will need to ensure that it is easily accessible when required.
- PIA: PIA stands for Privacy Impact Assessments and your business may need to do this. This will help identify the privacy risks within your organisations. This will be asked for when it is believed that there is a privacy risk, however it would be prudent to perform one to identify where potential risks may be.
GDPR is undeniably complex and confusing. Compliance is mandatory and your business will need to ensure that you have a knowledgably officer that will help see you through the confusion.