GDPR Adoption by BI Teams – Data Inspection
The EU’s new General Data Protection Regulation (GDPR) affects the way personal data is to be handled, not only by organizations within the EU, but also by organizations outside the EU that control or process the personal data of EU residents.
The significance of the GDPR for BI teams can’t be overstated. The capability that BI teams need to cultivate is rapid response, both to the potential for the mishandling of personal data, and to the rights and requests of the data subject.
The GDPR is at the leading edge of data privacy legislation, and as such provides a model for data privacy best practices. The sooner and more thoroughly BI teams adopt these best practices, the better for corporate governance and customer confidence.
GDPR & SAP BI Compliance Best Practices
In practical terms, GDPR adoption for BI teams comes down to three activities:
- Inspection
- Protection
- Retention
Data Inspection
Data subjects have the right to inspect the data pertaining to them that your organization controls or processes. This means that you need to be able to inspect your BI system for any such data, and be able to present that data for inspection by the data subject.
In a recent webinar, APOS Solution Consultant Alan Golding summarized the data inspection capabilities needed by BI teams with the following questions:
- What reports enable access to personal data?
  Understand and document how a data subject’s personal data has appeared in reports.
- How is personal data being used?
  Understand and document who has access and for what reasons.
- When are personal data reports being used?
  Understand and document the conditions under which these reports are distributed.
- What is the purpose of the report, and is it necessary?
  Make informed decisions on whether reports should contain personal data.
Effective data inspection for GDPR compliance requires adequate security analysis, usage analysis, and impact analysis.
Security Analysis
Analyze your BI system to find security anomalies and holes, and to enforce corporate governance. Find out:
- Who has administrative access to personal data?
- Where are the data breach risks in your system?
- What are the impacts of security setting changes?
Security analysis is key to avoiding data breaches, and reducing the risk of personal data exposure and misuse.
Usage Analysis
Analyze how your BI system is being used. Find out:
- Which reports contain personal data?
- Who is scheduling, refreshing and/or viewing reports that contain personal data?
- To whom and how are reports containing personal data distributed?
You need to determine the scope of personal data exposure, firstly in order to minimize it, and secondly to be able to report to data subjects exercising their right under the GDPR to inspect your usage of their personal data.
Impact Analysis
Analyze the impact of changes to your BI system:
- How do changes made to databases and universes impact reports that contain personal data?
- How can we avoid unintended consequences for our information governance?
Impact analysis is the key to avoiding unintended consequences in your management of the BI system.
Note: this post is the second in a series of posts on the GDPR, including:
- GDPR & SAP BI Compliance
- GDPR Adoption by BI Teams – Data Protection
- GDPR Adoption by BI Teams – Data Retention
- BI System Change and the GDPR
Great blog! Just started looking at GDPR and its impact. Very informative.