Gartner publishes “Let Go of Personal Data Without Losing Control” study

Jun 13, 2013 21:01 GMT
Gartner says most organizations will soon allow specialized processors to handle their personal data

According to a new study from Gartner, “Let Go of Personal Data Without Losing Control,” by 2019, most organizations will store personal data on systems they don’t own or control.

Gartner experts believe most organizations will start handling personal data the same way they currently handle credit card data.

“The PCI Data Security Standard (DSS) requires the implementation of stringent controls of those who collect and store credit card data. In response, many companies have decided to eliminate credit card data from their own systems and completely entrust it to an external service provider,” noted Carsten Casper, research VP at Gartner.

“The same could happen with personal data. If control requirements are too strong and implementation is too costly, it would make sense to hand over personal data to a specialized ‘personal-data processor’.”

Casper says it’s time for organizations to create “an exit strategy for the management of personal data.”

“Strategic planning leaders will want to move away from storing and processing personal data in the next five years,” he explained.

Gartner says there are five main steps that organizations should take to prepare for such a strategy.

First, clear delineations should be created between personal and non-personal data. In many cases information can be easily catalogued, but experts believe there will be data that falls into both categories, and that is where the challenge lies.

Secondly, companies should put a “fence around personal data.” This means policies should be developed to protect information. However, some challenges may be encountered when the underlying IT infrastructures (mobile devices or a cloud environment) are not controlled by the company.

The other steps refer to favoring purpose-built applications over general-purpose applications, establishing privacy standards, and deciding where to physically and legally store the data.