GDPR compliance necessitates knowing where data is stored. Most enterprises deal with enormous volumes of unstructured data. Without a proper structure, your organization risks data breaches and violations.

» Is your business GDPR compliant? Learn how to ensure GDPR compliance

What is Unstructured Data?

Unstructured data encompasses all of a company’s non-classified data scattered across the company in the form of emails, spreadsheets, PDF files, video, audio, and image files, social media, and communication channels. When it comes to unstructured data and GDPR compliance, you must keep the following factors in mind.

1. Unprotected Data

You can only protect data if you know what you have or where it is. Many companies that lack a structured data system rely on employees to classify information manually. However, this inefficient method frequently leads to data being stashed, leaving it unprotected.

» What if unprotected data is breached? Discover how to avoid data breaches under GDPR

2. Data Retention Period

An organization that retains unstructured data often keeps some data longer than necessary. For instance, the private details of former employees should be deleted once they leave, which many organizations do not. While the GDPR does not have a set retention period for data, it maintains that a company shall store information “no longer than is required.”

Finding the source or data subject to give consent is more challenging if your organization has unstructured data, and it may be difficult to comply with GDPR-mandated data subject access requests (DSAR).

» What is DSAR? Compare DSAR under CCPA to GDPR

4. Fines and Penalties

With unstructured data, you might be unable to enforce the rights that the GDPR grants to individuals. If someone exercises their right to delete, you may be unable to comply since you cannot verify their identity or locate the information. Additionally, you run the risk of a data breach which can result in fines.

Up to 4% of global revenue or €20 million in penalties, whichever is larger, may be imposed for violating the GDPR.

» Worried about fines and penalties for GDPR non-compliance? Find out how to avoid GDPR fines

Conclusion

Any organization subject to the GDPR should identify the sources of its data asset and examine where data is being stored. Proper management and destruction methods must be considered to avoid a breach.

» Unsure how to manage unstructured data? Explore PieEye’s solutions

Get a
Demo
NOW

Fill up the form for 20% off on subscriptions!

First Name
Last Name
Company Email Address
Company URL

About the Author: Marc Parrish

Marc Parrish, Founder and CEO of PieEye INC., is a seasoned marketing expert with a rich history in the industry. Holding an MBA from UCLA and a background in Mechanical Engineering from the University of Michigan, Marc's expertise spans interactive marketing to product marketing. Based in San Francisco, his insights into the digital transformation of the U.S. retail sector are deeply informed by his vast experience and passion for various social causes.

Share This

Request a demo of our data privacy solution today and take control of your privacy strategy.

Get a
Demo
NOW

See how our platform ensures compliance and builds trust.

Discussion