Could GDPR help you spring clean personal data your business holds?

QAIST Limited

Many businesses are starting to put their attention to the upcoming data reform legislation, coming into effect in May 2018; the General Data Protection Regulation or GDPR.

With the changes being introduced, it is a good time to look through your processes, procedures & IT to see what needs to be done to ensure you are and remain compliant with the new regulations. It is also a great opportunity to look through all your sources of data and see what is or isn’t now relevant for your business.

How much unnecessary storage is your business lugging around? Just think of all the data you hold in CRM’s, finance systems, mailing lists, production systems that nobody uses anymore. And what about ‘dark’ or unstructured data, disjointed in morsels throughout emails, presentations, phone notes, spreadsheets, and so much more?

Keeping data you don’t need for business or regulatory purposes can be unhealthy in terms of IT cost and it can also put your company at greater risk in the event of a data breach – plus, you may be basing your business choices on data that is incorrect or no longer relevant.

Getting your business ready for GDPR might sound like a hassle, but it’s actually the perfect opportunity to take on this subject as well.

Take, for example, an insurance company, with over twenty years of insurance data and client information stored in its legacy databases. Very likely, some of this data is referred to as ROT: Redundant, Obsolete, Trivial.

It has no business value, but may still cost money to store and maintain. The positive side is that the insurer usually knows the databases are there and knows exactly what they contain, offering some degree of control in terms of security and privacy.

However, when it comes to its unstructured data, we are usually looking at a totally different picture. Medical information may have been shared in emails between the NHS trusts, medical facilities, private facilities and doctors.

Sensitive customer information may have been extracted from production systems for analytical purposes, answering questions like ‘how many people received treatment XX last year?’.

Spreadsheets containing confidential employee information may have been saved locally by the company’s HR or department managers. The bottom line? Most businesses, don’t have insight into their unstructured data stores – which is why it’s often referred to as “dark” data.

With GDPR on the horizon, this issue should be addressed. A great place to start may be to assess what personal information you have, where you keep it and what you are using it for.

In this respect, GDPR can be an enabler to help transform your company into a truly data-driven business. You can create business value from your data by leveraging new insights based on reliable information and improving your decision-making processes to serve customers better and more efficiently – and gaining their trust by taking care of their data along the way.

There are tools available to help support this process that facilitate you analyzing your structured and unstructured data by looking for patterns to identify and locate personal information and other kinds of data – no matter where it is stored.

Simplifying your data landscape using such tools can help you with GDPR readiness, make the most of your data, and possibly save money on IT costs in the process.

How’s that for an upside on GDPR!

If you would like further information on how QAIST IT Solutions can help your business deal with its “dark” data, please visit