Is it time to look at ‘Personal Data Protection’ from a single lens?

Era of Data Economy

This is the era of the data economy, where all possible data is being collected at nearly every touch point that enterprises have with consumers – scrolling of apps, clicks, wearable devices, surveillance cameras, purchases, comments, social networks, likes, political views, location, blogs, tweets, photos, videos, financial transactions, health records, voice, and many more.

The global economy is fueling itself by using, buying, and selling this data about consumers. Cloud computing, smartphones, AI, IoT, open source, open education, etc. have democratized the extraction and prediction of consumer insights.

With great power comes great responsibility! With all of this personal data residing on enterprise clouds, enterprises can easily become targets of cyber criminals for data theft. They also face other risks: employees accidentally exposing data or intentionally exfiltrating it, violations of individuals' privacy rights when data is used without their consent, and more.

Enterprises are required to take numerous measures to comply with applicable privacy regulations, along with security measures to protect the data, and to keep data backups so they can recover in case of any issues.

Changing enterprise IT landscape in the new Data Economy

The last 2 decades have seen waves of drastic changes in the enterprise IT environment. Each of these waves has brought its own set of requirements on how various aspects of data – data backup/recovery, data security, data privacy, and compliance – should be handled. The data landscape has changed so rapidly that before enterprises could handle existing data protection requirements, they had to get ready for newer, bigger compliance requirements. This resulted in years of backlog and an accumulation of various tools chosen with a tactical mindset rather than an enterprise-level strategy.

In this new-age digital enterprise era, IT operations are spread across the Cloud and users (both external and internal) are using apps from across the globe. With employees, consultants, and contractors working from different corners of the world, cyber threats have understandably reached new heights. Several data breaches have been reported and many more have not. New-age privacy regulations like GDPR and CCPA are much wider in scope and stricter in penalties.

Because of the catch-up game the industry has played for many years now and the changing landscape, ‘data protection’ hasn’t been fully redefined when it comes to ‘personal data protection’. Traditionally, data protection has been synonymous with data backup/recovery and some aspects of data security, which were mainly perimeter and on-premise operations-centric. Until recently, even data privacy as a capability was good to have (and not mandatory) and was limited to only large enterprises.

End-to-end Personal Data Protection

Given the current scenario, the industry has reached the tipping point where it needs to formally define ‘personal data protection’ in order to operationalize it end-to-end, and that definition must include the capabilities below:

  • Data backup and recovery
  • Personal data security
  • Data privacy

In an enterprise environment, while these activities are already being carried out, the approach is extremely fragmented and not unified. The core of the approach, which should be personal data, is essentially missing. By formulating a common approach that includes the foundational blocks mentioned above, ‘personal data protection’ efforts can really be viewed from a single lens within an enterprise IT environment.

Personal Data Protection is a cross-functional effort

One of the key challenges for operationalizing personal data protection is that each of the foundational blocks is owned by different teams in an organization:

  • Data privacy – owned by privacy teams
  • Data security – owned by InfoSec teams
  • Data backup/recovery – owned by IT teams

Each of these functions has its own priorities and approach to dealing with personal data protection requirements. A common understanding and approach can help in bringing synergy among different teams. Another challenge is that each of these functions has too many responsibilities and compliance requirements to worry about, depending on the industry it caters to. Also, operationalizing all of the above requirements needs a variety of tools, solutions, and services from multiple vendors, which makes it particularly hard to fit them into a single framework.

So rather than building a holistic approach to cover all three areas in a single framework and trying to fit various vendor offerings into it (which in practice makes it very complex), enterprises should look at a common denominator approach – a set of capabilities that acts as a glue between all three functions, bringing them onto the same page about personal data protection. This common denominator is Visibility of the Personal Data.

Personal Data Visibility – a glue for Personal Data Protection operations

Personal data visibility across enterprise IT is one of the core capabilities that brings InfoSec, Privacy, and IT teams onto the same page. It is also one of the biggest pain points for all three teams, and it becomes even more challenging when it comes to personal data on the Cloud.

Today’s enterprises use several cloud apps like messaging apps (Slack, Microsoft Teams, etc.), productivity apps (Microsoft Office 365, Google Workspace, etc.), file sharing apps (Google Drive, Microsoft OneDrive/SharePoint, Dropbox, etc.), customer support apps (Zendesk, ServiceNow, Freshdesk, etc.), cloud IT (AWS S3, Azure object store, etc.), data lakes (Snowflake, etc.), and sales and marketing apps (Salesforce, etc.). As per the Okta ‘Businesses at Work’ report 2021, enterprises use more than 100 cloud apps on average.

Imagine how big a nightmare it is for InfoSec and Privacy teams to know where and what personal data of their customers is residing across this large number of cloud applications. This is an even bigger challenge where InfoSec and Privacy team sizes are not big (1-20 people).

Hence it becomes a critical need for these teams to have an automated and unified capability which is easy to use, needs no integration efforts, and provides accurate visibility of their customers’ personal data sprawl across cloud apps.

The Airavana platform is built with the above concerns in mind and provides automated and unified visibility of customers’ sensitive data sprawl across 150+ Cloud Applications, which empowers enterprise InfoSec and Privacy teams to avoid data breaches and comply with privacy regulations like GDPR, HIPAA, CCPA, etc.

To know more about getting an automated personal data visibility capability across all Cloud Apps, write to us at info@airavana.ai.

Ashish

Co-founder and CEO - Airavana Inc.
