The Regulation uses the term "Privacy by Design" to illustrate that the privacy focus has to be taken into account throughout the entire lifespan of an information system. And here is a direct link to the Data Life Cycle: privacy rules must be considered in storage, modification and removal of personal data.
Now think about an automated system that processes your customer data. What is the impact of such rules and regulations in the context of data management?
There is a lot to consider: data storage, data access, rectification and removal of data, data security, audit trails, etc.
Let me give you an example: Article 17 of the Regulation states that a person concerned has the right that his or her data will be removed and that further deployment of the data will stop. Now if you are using an MDM solution, in which several source data records are accumulated in a golden record, you have to ask yourself how to remove the data records and the relations between the records. In addition, you will have to figure out how you will actually prove that the record has been removed.....
During the coming Gartner Enterprise Information & Master Data Summit in London on 2 and 3 March, my colleague François Ruiter and I will present Know Your Customer - The next level, in which we will talk about and demo the implementation of privacy regulations in our MDM system, the DataHub.
I hope I will see you in London!