To Ensure Regulatory Compliance, You Need to Trace Data Lineage

When it comes to data, regulatory compliance isn’t easy.

Regulations are nothing new in industries like financial services, healthcare, and insurance. But no singular piece of legislation has had the impact of the European Union’s 2018 General Data Protection Regulation (GDPR). The GDPR represents the most aggressive effort yet by governments to formalize, unify, and strengthen data protection.

In many ways it’s been a catalyst for new regulations worldwide in data privacy and beyond. But it also driven many companies to examine their internal processes through the lens of data privacy and security to ensure they stand up to regulatory scrutiny.

The GDPR applies to any business handling the data of European citizens, but the ripple effect has been felt worldwide. At a glance …

• Canada was quick to update the Personal Informational Protection and Electronic Documents Act (PIPEDA) with GDPR’s standards in mind
• California passed the Consumer Privacy Act of 2018 (AB375). We not only saw the evolution of data privacy-specific laws, but we’re seeing additional regulations
• The European Central Bank (ECB) will now conduct a targeted review of internal models (TRIM) to assess whether the models currently used by financial institutions comply with specified regulations. In the already heavily regulated banking industry, the ECB is specifically targeting “banking own fund” requirements – or the minimum amount of money banks are required to keep in-house to guard against unforeseen losses

These regulatory requirements and assessments are crucial to ensure that internal organizational processes protect consumer and citizen privacy. However, they’re also a major headache for many companies.

Maintaining data’s regulatory compliance in the face of strict requirements

Data is constantly passing through the data supply chain. As soon as a piece of data is created or ingested, it begins to move. As it moves, it may also be manipulated and transformed by people, processes, and systems.

The route a piece of data takes through a data supply chain is also unpredictable. Data doesn’t just move from point A to point B. Organizations have large, complex data environments. A single data transaction can easily move from point A to point K, back to point G and then to point V. As data travels, its format, function, and quality levels can also change. It may even transform multiple times along its journey.

Data complexities can wreak havoc on efforts to comply with regulatory requirements, whether region-wide regulations like GDPR or industry-specific processes like TRIM. That’s why it’s critical for organizations to track data lineage as data passes through various systems and platforms, to create a complete audit trail for data’s lifecycle.

How to track data lineage

The different views of data lineage vary based on data user roles and objectives. Typically, organizations need to track business lineage and technical lineage through a comprehensive, enterprise-wide data governance program.

Business lineage provides visibility into the data pipeline by investigating data’s origins and where it travels over time. It traces data errors back to their sources, so business users can understand and rely on their data to generate trustworthy insights. This level of lineage enables you to understand which applications and processes data passes through, but it has limited applicability when it comes to your data’s regulatory compliance.

Technical data lineage, on the other hand, is critical for regulatory policies. Technical data lineage reports all the complex details of a particular piece of data and the physical location where this data resides. This includes data storage procedures, how data combines with other data sets, and data transformation processes.

Technical lineage enables IT resources to interactively explore these details and quickly search any data glossaries. More importantly, it demonstrates the impact regulatory policy has on various data environments by identifying where personal or protected data may reside and how that data changed over time.

With technical data lineage in place, data stewards can work to establish both GDPR and TRIM compliance. By analyzing the multiple steps data takes throughout an environment, across data stores and any other technical alterations, data stewards can grasp the granular enterprise data flows and navigate the multiple hops data makes throughout an enterprise.

As a result, sensitive data remains private, and banks ensure fund requirements are satisfied.

Looking for additional information about data regulatory compliance and lineage? Watch our webinar Foundational Strategies for Trust in Big Data: Data Lineage.