Question

Good data management for proper use of data

Answer 1

Data management: definition and explanation of terms
Type of data
Data management: objectives and application
Types of data management
Data management challenges
Bottom line: overriding benefits of data management
Data collection
Data storage
Data security
Data Protection
Company's needs
Storage
Erased
Other legal obligations
Big data
Security
Legal obligations
Changes in the scope of the company

---

Good data management for proper use of data

Modern companies produce huge amounts of data every day. Thanks to electronic data processing (PED) , the recording and organization of information is no longer a real problem. Customer data can be recorded in databases and staff management can be automated. To do this, simply provide enough data to the computer and sophisticated algorithms will take care of the rest..

But with increasing connectivity and increased data flow, new problems appear. Several workers must be able to access the same database and, if possible, at the same time. No repetitive data must be recorded and must be traceable at all times. But above all, they need to be protected against possible losses caused by hardware failure or malfunction, and against hackers and other data thieves on the internet. And finally, the legal aspects must also be taken into account, that is, the retention periods, the informed consent for the storage of personal data and the appointment of data protection delegates.

The complexity of this issue has motivated the development of a new discipline within the field of information technology: data management . Likewise, the field of research is also progressing in this matter. Data Science or data science is the new branch of science dedicated, among other things, to the correct classification and linking of data, as well as to the effective search in large databases..

Index

1. Data management: definition and explanation of terms
2. Type of data
3. Data management: objectives and application
   1. Data collection
   2. Data storage
   3. Data security
   4. Data Protection
   5. Company's needs
   6. Storage
   7. Erased
   8. Other legal obligations
4. Types of data management
5. Data management challenges
   1. Big data
   2. Security
   3. Legal obligations
   4. Changes in the scope of the company
6. Bottom line: overriding benefits of data management

Data management: definition and explanation of terms

Data management establishes a series of specific requirements for handling digital data. The term refers to a general process , rather than individual measures. Data should be organized from the moment of its collection and introduction. The minimization and quality of the data are two factors that must be taken into account. The protection of the content must be ensured along with the ability to use the data effectively for the purposes for which it was collected, that is, an effort should be made not to limit its practical usefulness. Finally, when it comes to data management, we must also ask ourselves what data to store and for how long. Data that is not needed must be quickly traceable for safe erasure.

Definition

Data management: The term data management describes a comprehensive view of digital data management. Data management encompasses all steps from collection, storage, and processing to archiving and disposal. Therefore, both the needs of the company, as well as the aspects of security and data protection must be taken into account..

Type of data

To plan your data usage, you first need to ask yourself what types of data your company works with. In this step, categorizing it can be helpful to proceed systematically and not overlook any area.

• Personal data: information directly related to specific people. The most common examples are names, phone numbers, and addresses. Measurement data and shopping habits are also included. It can be customer data, employee data or third parties. These data require special protection.
• Confidential Company Data - Internal company data such as accounting information, tax documents, and company secrets. All companies have a special interest in handling this data particularly carefully. However, it is perfectly understandable to establish, within the framework of data management, what information belongs to this area.
• Secondary data: data that is generated by means of an action taken for another purpose. An example is video surveillance that is typically installed to prevent break-ins and theft, but which also records the license plates of customers' vehicles. Another example is the company's network login protocols, potentially storing the IP addresses of visitors.
• Public data: data that is made public and disseminated on purpose, such as information included on the website and in company brochures. In this area, it is important to comply with the rules on copyright and the protection of your own data, for example, regarding published images, advertising slogans and company logos. The latter can be protected according to Law 20/2003 on the Legal Protection of Industrial Design (based on the rules of the Industrial Property Statute relating to models, industrial drawings, and artistic models and drawings of industrial application).

Data management: objectives and application

Data management is tasked with integrating all processes, from data collection, to classification or disposal, taking into account efficiency and? Shelf life? complete data. From this derives the term data life cycle management .

Data collection

Data processing begins with the collection of the data. In this sense, the concept of data minimization becomes important : only the absolutely necessary information should be collected. This obligation is also established in the General Data Protection Regulation (RGPD). Therefore, data can only be processed if the data subject has given their consent or is necessary for legal reasons, such as in the case of a contractual agreement.

The most effective way to ensure data quality is to enter it correctly. Careful registration avoids unnecessary questions and corrections. The information should be saved in the same format in which it will be used later. Each transfer or conversion can cause errors in the database.

Data storage

The choice of storage location and format is very important. In addition to local storage, it is possible to choose the cloud as a storage location. Both solutions have their advantages and disadvantages. Local storage is easier to protect against unauthorized access. Cloud storage, on the other hand, is scalable and fail-safe. Combination solutions are offered for the most important data.

In the case of large amounts of data, databases are the first choice for archiving. If you use specialized software , such as accounting or warehouse management, there is no need to ask the question of storage location. Finally, pay attention to compatibility with external systems and export options.

Data security

Data security it is an important and complex matter in data management. Data must be protected against loss, accidental modification and unauthorized access . The National Cybersecurity Institute (INCIBE) offers useful and very detailed information in this regard. In its section Protect your company - Security policies, constantly updated, the policies and guides that deal with the essential aspects and elements to apply security in the business environment are shown. Each policy contains a checklist for employers, technical teams, and employees. Policies are available free of charge. Another advantage is that certifications in accordance with ISO 27001 (such as the information security certificate) are in line with these policies and guidelines.

Possible dangers are:

• Hardware damage , caused by fire, contact with water, or overload
• Loss of data due to incorrect operation
• Loss of data or inability to use the system due to malicious software (encrypted Trojans, data theft)
• Data loss due to software errors
• Loss due to theft

To address the various risks, the solutions include not only software- based protection mechanisms , but also organizational measures such as fire and burglar alarms.

The following principles must be respected:

• Regular updates : In this sense, there is a difference between automatic and manual updates. The advantage of automatic updates is that they cannot be forgotten. However, manual installations can prevent faulty updates.
• Strong passwords : also in this area there are different strategies. It is convenient to force workers to use complex passwords. It is also a good idea to change passwords periodically. However, excessive complexity and frequency of changes can lead workers to type passwords and leave them at the workplace.
• Backup strategy : one of the most important points is, without a doubt, to have a correct backup strategy. Important data should be secured periodically and as completely as possible on physically separate media. Database security presents a particular difficulty. In some circumstances, it is not possible to copy open and working files. Instead, the applications in use must be secured with specialized software such as MySQLDump.
• Antivirus / firewall protection : all ICT systems should have up-to-date antivirus protection. In addition, depending on the complexity of the network, a firewall should be used and, if necessary, an intrusion detection system.

Note

By intrusion detection system we understand a system that detects the access of intruders on a network. This system is integrated into a network and, using sensors, collects information in a log file. Thanks to registered patterns, it recognizes attacks if certain transmitted data is modified. In that case, the administrator will be informed by email.

Backups should be created in an automated way. Otherwise, there is a high risk of abandoning the practice due to lack of time, comfort and forgetfulness. Important data should be saved gradually with new versions. This means that initially only modified data sets will be backed up. However, old versions should be kept for a specified period of time to be able to rebuild the data in the event of accidental deletion.

A hot topic is the security of archived backups. The Trojans encrypted try to compromise each memory unit to get access to. If the backups are stored on a connected network or on external storage media, in the worst case, they will also be encrypted. During the backup creation process, the system will protect itself by denying access to normal users and temporary connection of storage media.

Data Protection

Data protection is different from data security, although they have points in common. Its purpose is simply to prevent unauthorized persons from accessing confidential data. For this, access must be prevented, on the one hand, which requires data security measures. On the other hand, internal access to personal data must be prevented . For this, it is necessary to manage the access rights in the software used. This will either deny access to certain employees, or the data records will only be partially displayed. Transmission encryption and data archiving offer additional protection. Thus, confidential data will be protected from people who access the hardware , be they cybercriminals or unauthorized employees.

Company's needs

Data management must be integrated into business processes in the most practical and intuitive way possible. In this way, greater acceptance by workers and maximum efficiency is achieved. Some of the objectives presented are related to increasing efficiency. Collecting unnecessary data costs time and may even annoy the customer. Organized and secure data storage improves productivity.

Therefore, it can be helpful for the business to adopt a data governance policy that sets out how the business will treat the data. This directive will particularly affect data quality and possible improvements through help systems such as self-correction. In addition, expressions and terms will be defined uniformly.

Storage

The storage of data that is no longer necessary is also the responsibility of the company. It affects all data with a legal conservation obligation, such as invoices and tax documents. Therefore, this aspect should be part of the data management concept.

Separate storage can be beneficial. In this way, the volume of current backups is reduced and data protection can be ensured. Note that not all storage media are suitable for archiving data . For example, hard drives have to be turned on regularly to ensure their operation. Optical media such as CDs are sensitive to external influences and have a limited shelf life. The best option is tape drives with magnetic stripes. Its disadvantages are the high acquisition costs of the disk drive and the complexity of its use. On the other hand, they have the advantage that the security tapes are inexpensive and have a long service life.

Erased

Data that is no longer required should be deleted. In this way, the responsibility for your safety is also eliminated. For this, the concept of data management must provide that certain data can be deleted selectively and separately. First of all, personal data must be securely deleted.

Erasing by operating system functions typically only causes data to be overwritten or released. In reality, they continue to exist on the hard disk until disk space is required and they are overwritten.

advice

Today, secure erase is no longer so easy. Normal (magnetic) hard drives can be completely overwritten ( wipe ) with the appropriate software. Through this process, the entire memory is overwritten one or more times with zeros or random values. However, many hard drives currently use flash memory . Since this type of memory is less durable, it includes reservations that the user cannot access. Therefore, they cannot be overwritten either. In this case, often the only thing that works is to destroy the memory. For this reason it can be useful to encrypt the entire memory. This way, at no time will there be unencrypted data on the hard drive and can be safely disposed of.

Other legal obligations

Along with the provisions of the RGPD, there are other regulations that oblige companies to protect data. If it is confirmed that its breach is the cause of the illicit use of personal data, the owner or his representatives will be responsible . The following are the basic laws:

• LOPD: Organic Law 3/2018 on Data Protection
• Law 19/2013, of December 9: law on transparency, access to public information and good governance
• Royal Legislative Decree 1/2010, of July 2: Capital Companies Law

According to the RGPD, a data protection officer must be appointed when the treatment is carried out by an authority or public body; when the main activities of the controller or processor consist of processing operations that require regular and systematic monitoring of data subjects on a large scale, and when the main activities of the controller or processor consist of the large-scale processing of special categories of data or personal data related to convictions and crimes.

Types of data management

The way you organize your data management depends on the size of each company. There are different approaches to integrated solutions on the market. Some are dedicated especially to the analysis and optimal use of existing data, for example for advertising purposes. Another approach is to increase productivity by using all available data. The possible types are:

• Enterprise Resource Planning  (ERP) Systems - This system offers the most comprehensive approach. Registers and takes into account all the resources of the company. These resources are made up of staff, work tools, and materials. The best-known commercial manufacturers are SAP, Sage, Oracle, and Microsoft. However, there are also free software solutions like Odoo or OpenZ.
• Master Data Management (central master data management): centralization and updating of the fundamental data of a company. These include worker data, customer data and information on work tools. The goal is to have consistent data quality that is more user-friendly. This approach is mainly used in ERP systems.
• Content management systems (QMS): the predominant type of information management system, for example, in the form of a central intranet for the company. Thanks to its great flexibility, it is also possible to introduce other aspects such as the management of forms and the integration of databases.
• Document management systems (DMS): are part of data management. They provide forms and offer features such as storage and filing.

Data management challenges

Data management is a dynamic process and must constantly adapt to the needs of the moment. Therein lies the emergence of new challenges.

Big data

The amounts of data keep increasing. As a result, the requirements for storage scalability and backup capacity increase, as well as the order and accessibility of the data required. The more data can be collected, the more important data minimization becomes. The filtering of important information must increasingly come to the fore.

Security

Those responsible for network systems are increasingly exposed to new risks. Information theft through social engineering and sabotage using encrypted Trojans are just some of the potential risks. The more digitized a company's database is, the more dependent it becomes on the functioning of the systems used. That is why it is important to be constantly informed about new risks and to take precautions in case of hardware failures or if you cannot access the system itself.

Legal obligations

The implementation of the GDPR has created a lot of uncertainty and has meant a significant expense for companies. However, more provisions are likely to follow or changes to existing laws will require adjustments, which can also affect the concept of data management.

Changes in the scope of the company

Changes in the structure or processes of a company must, in any case, be taken into account in data management. Cautions should be taken when using scalable systems or those that are easy to migrate. Regular employee training on internal data governance involves additional costs.

Bottom line: overriding benefits of data management

Of course, data management requires our time and that we put aside our core business. However, if it is approached with specific measures, it is immediately clear that it is very useful and necessary. It helps to comply with legal obligations, increases data security or increases the efficiency of work processes. It is, therefore, time well spent .

---