Unstructured Data & GDPR Compliance: 4 Major Challenges

GDPR compliance necessitates knowing where data is stored. Most enterprises deal with enormous volumes of unstructured data. Without a proper structure, your organization risks data breaches and violations.

» Is your business GDPR compliant? Learn how to ensure GDPR compliance

What is Unstructured Data?

Unstructured data encompasses all of a company’s non-classified data scattered across the company in the form of emails, spreadsheets, PDF files, video, audio, and image files, social media, and communication channels. When it comes to unstructured data and GDPR compliance, you must keep the following factors in mind.

1. Unprotected Data

You can only protect data if you know what you have or where it is. Many companies that lack a structured data system rely on employees to classify information manually. However, this inefficient method frequently leads to data being stashed, leaving it unprotected.

» What if unprotected data is breached? Discover how to avoid data breaches under GDPR

2. Data Retention Period

An organization that retains unstructured data often keeps some data longer than necessary. For instance, the private details of former employees should be deleted once they leave, which many organizations do not. While the GDPR does not have a set retention period for data, it maintains that a company shall store information “no longer than is required.”

3. Consent to Use Data

Finding the source or data subject to give consent is more challenging if your organization has unstructured data, and it may be difficult to comply with GDPR-mandated data subject access requests (DSAR).

» What is DSAR? Compare DSAR under CCPA to GDPR

4. Fines and Penalties

With unstructured data, you might be unable to enforce the rights that the GDPR grants to individuals. If someone exercises their right to delete, you may be unable to comply since you cannot verify their identity or locate the information. Additionally, you run the risk of a data breach which can result in fines.

Up to 4% of global revenue or €20 million in penalties, whichever is larger, may be imposed for violating the GDPR.

» Worried about fines and penalties for GDPR non-compliance? Find out how to avoid GDPR fines

Conclusion

Any organization subject to the GDPR should identify the sources of its data asset and examine where data is being stored. Proper management and destruction methods must be considered to avoid a breach.

» Unsure how to manage unstructured data? Explore PieEye’s solutions