New Delhi: The Enterprise Data Management Council (EDM Council), which advocates best practices in data management around the world, recently started work with India’s Nasscom (National Association of Software and Services Companies) to train the industry on data management. In a recent interview, John Bottega, executive director of the EDM Council, shared his thoughts on data management, privacy and more. Edited excerpts:

With the General Data Protection Regulation (GDPR) in effect, what changes do you see in how enterprises are handling users’ data?

We did an almost six-month study on this issue with members of the industry—not from a legal perspective but from a data perspective. If I look at the requirements of GDPR and compare them to the best practices of data management, we concluded that if you’re doing your data management correctly, you’re putting yourself in the best position of achieving GDPR.

For example, one of the requirements from GDPR is that consumers can request to have their data forgotten. The only way you can do that (from a data management perspective) is by inventorying the data—knowing where the data is. In general, the industry is responding properly, and data management is important to adhere to GDPR.

While GDPR has set an example, should data protection laws be different in countries? Shouldn’t enterprises manage customer data similarly across the world?

It’s probably more complicated than that, because of the infrastructures of organisations and objectives they are trying to achieve. But I would say as a best practice, Yes. If we’re managing this asset properly, we should be looking at it from a perspective of identifying a source, understanding that the source is valid, etc. This is what we advocate in our best practices. You have to look at data as another asset. It’s not some amorphous thing. It’s the result of a manufacturing process, (you have to look at) how it gets created; are we using it responsibly, and so on.

Many websites declare their data privacy policies now. What else needs to be done to educate people about data privacy?

There’s no reason for firms to have to explain to an end user all of the technical jargon. It’s pretty straightforward. A company has a responsibility to you as a consumer—to use your information properly, protect it and, if so desired, to give it back. There’s not much more I should be explaining to the consumer. However, if a certain class of customer wants to find out more, you can take them down that path.

Would you say India is at par with the rest of the world when it comes to data management techniques?

The knowledge of data management varies by country. There’s plenty of opportunity to do a lot of training on data management in India. You have a very advanced IT team, but they are focused on other areas that may not be specifically (concerned with) data management itself.

Could effective data management make it simpler for consumers to make changes to their data held by organisations—for instance, the data held by governments?

The fundamental concept of good data management is across the supply chain—so the answer would be, Yes. If it’s silos of data that are not reconciled with each other, then the consumer has to navigate multiple touch points, which makes it a more complex and difficult process. 

Close