Why finding metadata for personal data in ERP and CRM systems for CCPA and GDPR is hard.
The State of California’s California Consumer Privacy Act and EU General Data Protection Regulation, usually referred to as CCPA and GDPR, together with regulations imposed by other governments and states, have placed more responsibility on organisations for managing and releasing the personal data and information they hold about individuals. (This is an edited and updated version of a blog first posted in 2018).
Depending on the regulation these data items can refer to customers, employees, citizens, business partners etc. As time goes on more and more countries or individual states will implement similar regulations on companies operating under their jurisdiction.
One of the prerequisites for being able to identify and manage personal data is to know where it resides across your organisation’s IT systems. In order to do this it is critical to be able understand the metadata in these systems. In many cases they will give up the metadata relevant to personal data relatively easily.