Data Management is a set of processes implemented to manage an organisations data through its lifecycle:
Create > Store > Use > Share > Archive > Destroy
An organisations data is normally created through data entry, data capture or acquisition from an existing source outside the organisation. The way data is created will have a direct impact on its quality and in turn its usefulness. It is important that the processes and standards associated with data creation are clearly defined and understood.
Choosing the right storage technology for your organisations data can be difficult given the variety of types of data to be stored and the technologies available. Key parameters to be considered are security, resilience, scalability and cost. It is worth noting, that under GDPR your organisation is accountable for the safety of any personal data stored by your organisation or on your organisation’s behalf.
Organisations needs to facilitate, control and understand the use of the data that they store by both users and systems. A strategic well managed approach to access control is essential, as is the provision of a well-documented interface to the data.
Sharing data with users and systems outside your organisation can deliver significant operational and financial benefits. When you setup a data sharing service with users and systems outside your organisation you need to be able to control which data sets are shared with who and have visibility of the usage of the service.
Archiving involves the copying of data from a production environment into a archive storage environment and then removing it from the production environment. Accessing data in the archive storage environment is normally much slower than accessing it the production environment and the cost of storage is lower. The usage profile of each data set needs to be considered in order to define its archiving policy.
Data retention periods are required for each of the data sets managed by your organisation. You may be required to retain some data sets indefinitely while others can only be retained for a prescribed period. GDPR needs to be considered when defining data retention periods along with the cost of storage and the usage profile of the data. It is essential that data is properly destroyed and that your organisation can demonstrate how and when this was done.