Develop a central and unified Data Privacy and Protection strategy to comply with new data privacy regulations.
Recently, South Africa introduced its answer to Europe’s General Data Protection Regulation (GDPR) with PoPIA (Protection of Personal Information Act): South Africa’s data protection law, aimed at protecting personal information processed by public and private bodies. As this organization is committed to respect its customers’ and employees’ data privacy it aimed to not only meet the local PoPIA regulation but to also bring in best practices from the GDPR rollout in Europe.
The organization explains the scope of this undertaking: “We started this project with the aim to have full data transparency. We wanted an effective search capability and to centrally manage customers’ data preferences and usage permission so that we could respond swiftly to any customer subject rights requests. A subject rights request, also known as data subject access request (DSAR), is the right to request access to the personal information a company or organization holds on you. With many petabytes of customer and staff data to manage, locked in hundreds of applications and databases, this was no mean feat. We were familiar with Micro Focus (now OpenText) already and trusted their expertise in guiding us through this effort.”
When a data management project is as large as this organization’s, the responsibility for privacy regulation compliance is often delegated to the individual system owners, because tackling the issue at a central level is a daunting task. However, delegation means the corporation has no central overview and cannot report on compliance against a unified strategy. It was felt this siloed approach would not help achieve the objectives in the long term.
The Micro Focus (now OpenText) best-in-class portfolio offers superb integration, and the total is far greater than the sum of its parts. We feel we purchased a full solution to take us into the future, rather than a set of point products.
The team wanted to start with a full data inventory, to understand exactly what personal data is stored where. Following that, it could ensure personal data is anonymized, but the aim was to do this without impacting the systems’ architecture or functionality. They wanted to provide customers with a single interface to manage their data preferences and permissions, ensuring consistency across all channels. In analyzing the huge data volumes, it was hoped data that did not need to be retained could be archived or purged, while putting effective retention schedules in place for all remaining data.
The organization decided on a suite of OpenText (formerly Micro Focus) solutions for a holistic, integrated secure data protection and content management approach. The combination consists of ControlPoint for file and content analysis, Voltage Structured Data Manager (SDM) for data archiving and application retirement, and IDOL to securely access and analyze enterprise data. “…Professional Services worked closely with our stakeholders to compile a statement of work and a project plan,” according to the Organization. “We hosted readiness workshops to introduce all departments to the data assessment and ensure a central level of understanding necessary for Micro Focus (now OpenText) and Micro Focus (now OpenText) partner staff to access each system and prepare a data inventory. We secured executive sponsorship as well as working directly with the database administrators and system owners.”
Following the planning, design, build and test phases, the team focused on scanning all structured data, held in a variety of databases, and unstructured data, i.e., email, Microsoft Office, and multi-media files. Working with each individual system owners, the data was extracted, deduplicated, and cleaned up. It was then catalogued into an IDOL-based data repository where it could be searched, analyzed, and reported on through user-friendly dashboards.
“Before the Micro Focus (now OpenText) implementation, we would have to query hundreds of systems, search for a particular person’s data, manually collate that data, and create a response to a DSAR,” according to the senior Organization official. “I can only imagine the number of hours it would take us to respond.”
A dedicated data privacy team worked alongside the Micro Focus Partner and OpenText Professional Services, and through effective knowledge transfer between the parties this team now has full in-house responsibility for ongoing regulation compliance.
The Organization concludes: “The success of this project has made us an internal showcase for compliance. Through the great partnership with Micro Focus (now OpenText) we now have the data transparency we need. The Micro Focus (now OpenText) best-in-class portfolio offers superb integration, and the total is far greater than the sum of its parts. We feel we purchased a data management solution to take us into the future, rather than a set of point products. All data is searchable instantly in a cost-effective manner that always prioritizes our customer’s privacy. We were also pleasantly surprised to find that the data privacy solution can be easily extended into other areas of information governance, further increasing the value of our initial investment.”
Before the Micro Focus (now OpenText) implementation, we would have to query hundreds of systems, search for a particular person’s data, manually collate that data, and create a response to a DSAR. I can only imagine the number of hours it would take us to respond.