GDPR: data classification and retention
In this data focused video will discuss the approach for data asset protection, including gathering key data classification and governance for stakeholders to define and agree upon.
View all episodes of the "KPMG Privacy" video series.
Transcript
Steve:
- Welcome to the fourth “how-to” GDPR video in KPMG’s privacy video series.
- This video is the second of three focused on how to address data under GDPR.
- We will discuss how to classify data and leverage this approach for data asset protection, building on the knowledge of personal data set forth in the previous video.
Austyn:
- An important first step is to identify data classification and governance stakeholders to define and agree to the following:
1. Personal data classification levels applicable across the entire enterprise
2. Data governance controls associated with each personal data classification level, including security requirements, retention period and destruction method.
3. Approach to maintaining data classification program, including ownership
- Work with businesses to identify owners of personal data related to prioritized higher risk processes, and continue the data classification program rollout based to priority.
- Work with those data owners to assign personal data assets a data classification level, and review governance controls.
Steve:
- We appreciate your time and attention as we address the foundational understanding of data.
- Thanks for watching.
Strategy and governance
Cyber security: it’s a business issue, not just an information technology issue.
Read more