There is much hype around the GDPR due to the fast approaching deadline of 25 May 2018. As a result organizations are looking for solutions, and many vendors have seen an opportunity to position their solutions (including MDM) as an answer.
Master data management (MDM) is defined by Gartner as follows;
Master data is the consistent and uniform set of identifiers and extended attributes that describes the core entities of an enterprise, such as existing customers, prospective customers, citizens, suppliers, employees and patients.
Master data packaged solutions help ensure the uniformity, accuracy, stewardship, semantic consistency and accountability of an enterprise’s official, shared master data assets.
Personal data can undoubtedly be categorized as master data identifiers and extended attributes and therefore governed by an organization within an MDM packaged solution. Looking at the critical capabilities of packaged MDM solutions they will possess the ability to manage the policies and rules associated with potentially complex privacy access rights, services to manage workflows, business rules and audit trails for the master data, and provide support for information governance and stewardship functions of the master data. So far so good.
The challenge to MDM being an answer to compliance with the GDPR is that personal data includes non-master data. Such data has limited reuse, or is specific to one single application only. Therefore this data falls outside of the jurisdiction of MDM.
In conclusion, MDM for many organizations is critical to their privacy mandate, and as a result to achieving compliance with the GDPR. However, an MDM solution is only one component of data and privacy. Organizations should be mindful of not extending the scope of their MDM program to include non-master data (see definition above). In addition organizations should develop and action plan to prepare their MDM program for the new privacy requirements. For more information on how this can be achieved, please see The Impacts of the General Data Protection Regulation on MDM.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.