The term "Data Journey" refers to the various stages by which data moves from collection to use.
First, data is collected and aggregated, and then stored. Later, the data can be used or even shared. The reason why this journey needs to be broken down in such detail is that each of these stages involves compliance and technology obligations.
The notion of compliance is all the more important since the entry into force of the DGR in the European Union. This regulation requires companies to ensure that they can justify each and every decision made during the Data Journey and to testify to the steps taken to comply with the regulation.
For this reason, each organization’s Data Journey will be unique, as it is set in a particular context. An organization must define the purpose for which it intends to collect data, and the legal basis on which it intends to rely.
It must also identify the measures to be taken to comply with these legal bases. Data must then be collected, managed and preserved appropriately. A record of the organization's data management should be prepared and maintained.
For example, during the first stage of collecting data from your customers, you should be aware of which data constitute "personal" data and should be treated and protected as such.
As a general rule, this information should be collected with the consent of the subjects. Laws also require that such data be stored and maintained in a way that ensures not only its security, but also its "quality" and relevance.
Here is an illustration of the integration of the Data journey in the construction of a dashboard ToucanToco
When storing data, you will also have to make technical choices. There are different storage technologies, such as hard disk or SSD, and they meet different needs. For example, the emerging technology of DNA storage allows you to keep data intact over a very long period of time.
If you opt for cloud storage, it will be necessary to choose the right type of service. For example, some vendors such as Amazon or Microsoft offer "cold storage" type services for data that does not need to be accessed frequently.
When using or sharing data, it will be necessary to notify subjects. In addition, it will generally be necessary to anonymize the data to maintain the privacy of the subjects.
However, keep in mind that the steps to be taken will also vary depending on the nature of the data. For example, health data are more considered sensitive and require extra precautions.
A possible data leakage is also a step in the Data Journey, as it will need to be reported immediately to the data protection authority.