Risk Big Data: Many companies neglect data quality

Outdated, inaccurate and incomplete data reduce the informative value of analyses and cause additional work - Big Data thus becomes a security risk. Sophisticated data analysis tools, which are increasingly based on artificial intelligence, are of little use if the data quality is not right. Companies that rely heavily on data for their business models and processes therefore need clear guidelines on how and when data can be maintained and, if necessary, deleted.

Risk Big Data: The secure and legally compliant deletion of data no longer concerns only IT or data managers, but many departments and employees. (Image: Depositphotos.com)

Companies are collecting more and more diverse data and using more and more channels to interact with their customers. Not infrequently, this results in fragmented data silos that can only be broken up and centralized with great effort. Against this backdrop, there is a great danger that inaccurate, incomplete, and outdated data sets will be created, reducing the meaningfulness and timeliness of the insights gained in analyses.

Risk Big Data

The complexity has also increased in legal terms - keyword: EU General Data Protection Regulation (GDPR; DSGVO in German). This relates in particular to the question of data deletion. According to a study by Blancco, a specialist in data maintenance, almost all (96 percent) of the more than 1,800 companies surveyed worldwide have guidelines for handling and deleting data. However, most companies fail to communicate these regulations comprehensively to their employees.

Sensitive data can fall into the wrong hands

Against this backdrop, many companies have a false sense of security when it comes to handling data, especially when it comes to deleting it. As the study further shows, this often takes the form of purely physical destruction of data media, or of deletion or formatting processes. However, data on hard disks that have simply been formatted is comparatively easy to recover, which can lead to sensitive data falling into the wrong hands.

A similar risk also exists when employees leave the company or when obsolete laptops, desktops, hard drives or server hardware are earmarked for disposal. According to the study, around half of all old devices are disposed of by third-party providers and are thus removed from the company's direct sphere of influence. If the devices are stored for a long time before their data is deleted, or if there is insufficient documentation of what data has been securely deleted, companies can quickly find themselves having to explain themselves.

Institutionalize data competence and create clear responsibilities

Merely formulating guidelines for compliance and data protection, and for handling and deleting data, is not sufficient against this background. Beyond the text of the regulations, companies that work with data and its analysis also need clearly assigned personnel responsibility for data competence and data security, for example in the form of a CDO (Chief Data Officer or Chief Digital Officer). This person is responsible for implementing the relevant guidelines, drives compliance with them, and demands or communicates the processes required for this.

How to delete data securely and in compliance with the law 

  • The first step is to define the framework conditions. This includes defining standards with regard to availability, use, data quality, access, security and data protection. 
  • Responsibilities for policy implementation and compliance monitoring must be clearly assigned. 
  • The times for purging and deleting personal data as well as retention periods should also be defined in the framework. The legal requirements (such as the GDPR) must also be taken into account here.
  • The predefined guidelines must be communicated throughout the company and all employees must be sensitized to the topic of data quality.
  • The data erasure policy should cover all IT assets - including smartphones, tablets, PCs, servers and the virtual infrastructure. 
  • It is important that devices with sensitive data do not leave the company or the data center environment - this is especially true in light of the fact that hybrid work models no longer clearly separate the private and business use of end devices.
  • Care should also be taken with end-of-life devices, for example in the case of recycling or donation, to ensure that their data remains within the sphere of influence of the respective company's IT infrastructure. In these cases, data should be deleted from the devices on site and the cleanup should be verified with an appropriate certificate.
  • If an external provider takes over the disposal of old devices, the provider should create a complete chain of evidence of how the goods have been handled in detail since collection. In this case, it is recommended that a data destruction certificate be issued for each device.
  • Devices should be disposed of at the end of their service life, preferably within 24 hours.

Source: Sage
