How to manage End User Computing and avoid GDPR or IFRS fines
Author: Jan-Kees Buenen
I’ve long said that End User Computing (EUC) is here to stay, whether we like it or not.
EUC applications such as spreadsheets and database tools can provide a significant benefit to companies by allowing humans to directly manage and manipulate data. Unlike rigid systems like ERP, EUC offers flexibility to businesses and users to quickly deploy initiatives in response to market and economic needs.
However, EUC has become the villain in the big data story. EUC flexibility and speed often lacks lineage, logs and audit capabilities.
The risks of the incomplete governance and compliance mechanisms of EUC are not new. Organizations are pretty aware of the accidents they cause: financial errors, data breaches, audit findings. In the context of increasing data regulation (like GDPR and IFRS) companies struggle to embed EUC in a safe way in their information chains.
GDPR and the impact of EUC
GDPR (General Data Protection Regulation) was enforced on May 25, 2018. It is a legal framework that requires businesses to protect the personal data and privacy of European Union citizens.
Article 32 of the GDPR addresses the security of the processing of personal data. These requirements for data apply to EUC as well.
Article 17 provides the right to be “forgotten” for any individual. Companies have to precisely control data so there is no leftover data lying in unmonitored applications if the user decides to be deleted from all the systems.
The recent financial penalty of 53 Million euro against Google is a concrete example of what may happen to other companies. In accordance with GDPR, Google was fined for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.
The challenge of EUC applications: they generate data that largely remain in silos, also known as dark data.
IFRS and the impact of EUC
IFRS (International Financial Reporting Standards) aims at bringing transparency, accountability and efficiency to financial markets around the world.
The new compliance requirements, like the new IFRS9 and IFR17, include data at much more defined levels than ever before. Data that currently flows to and from EUC has to be traced, linked and precisely controlled by knowing its content.
Having a higher emphasis on the control environment, workflow and ability to adjust at a very detailed level is key as disclosure and reporting requirements increase.
Using SynerScope to manage the data linked to End User Computing
Organizations have to recognize that EUC falls under the purview of data governance. Any organization that deals with data – basically every organization – has to manage and control such apps so they are able to act immediately to ensure compliance.
SynerScope solutions offer 2 key ways to reclaim management and control over data:
1. Single Pane of Glass
The first solution to reclaim control is to gather the company’s entire data footprint together. Both structured and unstructured data in one unique space: a single pane of glass.
SynerScope offers an advanced analytical approach to include and converge unstructured and semi-structured data sources. All applications from different back-ends are gathered in a unique space. A single, powerful platform for operational analytics that replaces disjointed and disparate data processing silos.
2. Data protection within EUC
The second approach to reclaim control over EUCs is to track and trace all applications, their data and the respective users.
Synerscope combines a top-down overview with all the underlying data records, making it easy to investigate why a certain business metric is off, and where the changes came from. It fluently analyzes textual documents and contracts to help spot the differences between tons of thousands of documents in the blink of an eye.
Furthermore, an extra layer on the top of all data to control outcomes and keep data to check for governance and compliance.
Two powerful tools to get control and insight into End User Computing Data
SynerScope Ixiwa provides a more effective approach to data catalogue and data lake management for business users. Ixiwa is a data lake (Hadoop and Spark-based) management product that ingests data automatically, collects metadata about the ingested data (automatically) and classifies that data for the company. While Ixiwa will often be deployed as a stand-alone solution, it can also be viewed as complementary to third party data cataloguing tools, which tend to focus on structured data only and/or have only limited unstructured capability.
SynerScope Iximeer complements Ixiwa. It is a visual analysis tool that has the ability to apply on-demand analytics against large volumes of data, for real-time decision-making.
Figure 1: SynerScope Ixiwa and Iximeer provide a more efficient and visual approach to data management and analytics
What to do next?
If your organization is concerned about the new IFRS or GDPR regulations and you are searching for solutions to ensure compliance, please contact us to learn more.