Transparency and access to data: a responsibility for organisations
In 2025, the issue of the European Data Protection Regulation (GDPR) is more topical than ever. The need for transparency, aimed at improving user information and simplifying the exercise of their rights, represents a real challenge for organisations.
The right of access allows anyone to know :
- Whether data concerning them is processed and for what purpose.
- To be informed of this data in an understandable format.
- To check their accuracy.
This is an essential element in establishing a relationship of trust between users and the organisations collecting this information.
An organisational and technical challenge
Implementing this transparency involves meeting two technical challenges:
How do you identify a user in information systems?
What systems contain this data and how can it be retrieved efficiently?
These questions are crucial if we are to guarantee the industrial management of the right to information, enabling us to offer users a rapid and reliable response.
Key stages in the effective management of the right to information
1. Data identification
This involves collecting unique information that can be used to identify a person: surname, first name, email address, telephone number, NIR, etc. A technical analysis, supported by repositories (predefined dictionaries or ontologies as in certain datacatalogue products), ensures reliable identification.
2. Centralised data search
This stage consists of analysing the metadata (the data that describes the data) of the information systems to identify the tables, documents and files containing the user’s information. A manual approach can be envisaged for simple IS, but an equipped approach (with tools such as a datacatalogue) is often essential to guarantee exhaustive coverage of the information.
3. Audit of data volumes
Once the systems have been identified, the aim is to precisely locate the records associated with the user (in databases, documents, emails, etc.). Datacatalogue tools can speed up this detection by interacting with the metadata and (above all) the data.
4. Extraction and provision of data
Once the information has been identified, it can be extracted and presented to the user as an exhaustive overview of their data. Depending on regulatory requirements, a number of actions can be taken:
- Transmission of data to the user,
- Deletion of data from systems,
- Retention of anonymised data while maintaining system consistency.
An industrial approach to managing the right to information, facilitated by appropriate tools
In short, managing the right to information is a complex issue that needs to be integrated right from the design stage of systems and processes. Fortunately, solutions (such as Phoenix’s MyDataCatalogue module) can be used to map and list user data in information systems, making it easier to identify and manage.
What’s more, its integration with the Phoenix platform provides full automation of right to information management processes: consent forms, access requests, data verification and extraction, etc. An essential component for an effective data strategy that complies with regulatory requirements!
Want to discuss your Data Catalog challenges with an expert?
