If we can all agree on a subject matter, it’s the fact that it would be complex, even self-destructive, to think of expanding a house without first knowing the solidity of the frame or basic building structure. Knock down a bearing wall by mistake and the building will fall down like a house of cards.

When you transpose the idea to the business world, how do you keep collecting more and more data if you don’t consider new storage solutions and database architecture modernization in the process ?

Muriel Adamski

Belgian national TV channel VRT NWS* has conducted a survey with Belgian companies, stores and institutions in order to check if they comply with the data subject’s right of access as well as to check the legitimacy of the personal data processing. 83% of the organisations responded, however only 7% of the answers where compliant with the law. Shockingly, 10% never replied.

If you’ve read our previous articles about the Rights of Individuals, you already understand that the General Data Protection Regulation (GDPR) requirements cannot be answered with a simple « processing register ».

As a matter of fact, this register generally includes a « simple » business description of the data and their processing : the data values or their multiple localizations are never included and therefore cannot produce what is called an « individual register » gathering the whole data, processing and applications that are linked to an identified person.

Dominique Orban de Xivry

Here we are at the 4th post in our series on data governance.

The objective is now to ensure that :

  • the technical operations and implementations comply with the rules – internal or external - of the organization (see our first post The 5 keys of data governance : Part 1. The rules) ;
  • what has been enforced is not going against the goals of the organization.
Muriel Adamski, Dominique Orban de Xivry

The scope of the GDPR

By applying the rights of persons, the GDPR grants the consumer/citizen a right to information, control and object as to the use of their personal data by private and public businesses. In this context, it's important for the consumer/citizen, as well as for businesses, to understand the underlying principles (see the first post of this series), the necessary implementation and the tools to use.

Dominique Orban de Xivry

Personal data : an enduring misunderstanding

A great deal of enterprises consider that the data they collect and store are their « property ». Regarding personal data, of course it's not true.

As a matter of fact, in the data world, you must distinguish the « container » from the « content ». Companies own the containers and processings, but the contents are and remain the full and whole property of those who are at the origin of the data.

Dominique Orban de Xivry

Pages