The concept of Data Life Cycle first appeared in 2005. Even if the concept is very new in comparison to the law of demand and supply, it is as much important as the latter. Indeed, the fast technological changes of the last decades pointed out the importance of Data Management and subsequently the management of Data Life Cycle.
However, Data life cycle is quite subjective and many will argue on how many phases compose the whole cycle. Some will say that there are 8 phases and some will say 4 phases. Despite the various , all professionals of Information Security agree that managing the life cycle of data is an essential aspect for all organisations.
Here below are the basic phases that compose the life cycle of data:
Data Creation
Data can be created by various methods. It can be entered manually, obtained from another party, or automatically captured from browsers other devices. For example, when someone visit a website, cookies might capture their data. Another example, employees doing door to door surveys on paper.
During this phase, it is important to note all the sources from where your organization gather data and make sure that it is legal and compliant to the existing data protection laws.
Data Usage
Here, we talk about how the data collected is being used. For example, who can view the data?
Are the data shared with third parties? Do you use the data collected for marketing purposes?
When processing the data, it is important that all required permissions were obtained beforehand. Here we talk about the concept of ‘Consent’. It is very important to have the consent of data subjects before using their information.
Otherwise, your organization might be processing information illegally and might be sanctioned by the concerned authority.
Data Storage
It might seem quite simple, but it is more complicated than it looks like. Stocking data on your computer or on the cloud is not enough. Organisation should have backups and a clear process on how to restore the data if ever they are lost.
Moreover, organization should make sure to respect the principle of CIA (Confidentiality, Integrity and Accessibility). You can read more about this subject on our previous article.
Data Destruction
This phase is less obvious but still very important. When we talk about destruction of information, we have to keep in mind that those data cannot be recycled by anyone. For example, paper documents should be shredded and eventually destroyed in a way that no one can reconstitute it.
Also, it is important that the disposal of data is mentioned on the privacy policy of the organisation. All data collected should have a maximum time of storage.
Should you like to have a free consultation for the life cycle management of your data, please contact us. We can help you set up your data management system as well as setting up your various policies to be fully compliant with the existing data protection policies.
Sources:
Comentários