Data and privacy regulation is becoming increasingly complicated, with the EU set to fine companies up to €20m for misusing people’s information. Here are strategies and tools to ensure you stay compliant
Data is continuing to explode. According to predictions, the amount of data created globally will surge to more than 180 zettabytes by 2025. This is a double-edged sword for businesses. While data helps to gain insights to serve customers better, ever-expanding amounts of information need to be properly managed and protected.
Over the last five years, organizations have started to “wake up” to the importance of data.
Organisations have gone from using simple customer and marketing lists to having huge amounts of unstructured data from multiples sources, such as social media platforms and third parties. In a sense, every business has become a data business.
‘One of the biggest risk areas is the explosion of data sharing through cloud collaboration tools’
Now that companies are putting such an emphasis on data, the volume of data being collected is getting bigger and bigger – which means a growing role for the data manager.
The growing role of the data manager
Ultimately, the data manager is responsible for the design and management of a company’s data systems. This includes ensuring data is stored correctly and is secure, governed and meets regulatory standards. The role includes data modelling and analysis, as well as applying best practice for storing, cleansing, and mining data.
Increasingly, data managers are involved in influencing the company in how they should be using and managing data, which involves communication skills as well as commercial awareness.
Clearly, there is an increasing need for having a data manager. However, just as the number of roles for data managers continues to proliferate, so do are the number of potential threats to maintaining data and privacy hygiene, especially from artificial intelligence (AI).
>See also: What is the role of the data manager?
How AI could threaten data privacy
Artificial intelligence (AI) offers multiple benefits to businesses, but it also poses data privacy risks. AI is everywhere, powering applications such as smart assistants, spam filters and search engines. The technology offers multiple advantages to businesses – such as the ability to provide a more personalised experience for customers. AI can also boost business efficiency and improve security by helping to predict and mitigate cyber-attacks.
But while AI offers benefits, its technology poses significant risks to privacy, including the potential to de-anonymise data. Credit-scoring, criminal risk profiling and immigration decisions are just a few examples. If the AI or the way it is used is flawed, people may be subject to greater intrusions into their privacy than ever.
Another issue is that as AI systems crunch data, that data – or the way the AI is programmed – may be unintentionally biased.
Therefore, with digital transformation seeing companies collect growing amounts of AI-powered data, there is an increasing need to have data and privacy management processes in place.
>See also: How AI could be a game-changer for data privacy
Common data + privacy mistakes
Here are some of the most common mistakes made when it comes to data + privacy:
- Using data for purposes other than it was collected for
- Gathering information on individuals not in the scope of data collection
- Storing data for longer than necessary
All of which could leave firms falling foul of regulation governing data privacy such as the EU update to General Data Protection Regulation (GDPR).
Your business could be fined up to €10m or up to 2 per cent of your entire global turnover for the proceeding year, whichever is higher, for mishandling data.
4 steps to good data hygiene
Therefore, good data hygiene is integral if you want to escape falling foul of GDPR regulation.
- Don’t collect data you don’t need
- Make sure information is deleted after a certain amount of time
- Ensure access to data is properly restricted
- Have good security practices in place
When it comes to having good security practices, one element is automating your GDPR compliance by using specially written software.
Best GDPR compliance software for CTOs
GDPR compliance is a challenging and time-consuming activity. The expanding scope and impact of compliance requirements and audit programmes, plus the ambiguity and complexity of the GDPR law itself, creates a never-ending and exhausting to-do list for CTOs.
One of the biggest risk areas is the explosion of data sharing through cloud collaboration tools, which are replacing email as the preferred way of sending files.
>See also: Best GDPR compliance software for CTOs
The rapid expansion of cloud services and collaboration tools that businesses are now using because of the pandemic and accelerated digital transformation only serves to complicate the issues around GDPR.
Broadly speaking, GDPR compliance software falls into these categories, with specialist software available for each:
- Identity
- Log analysis
- Data loss prevention
- Policies and cookies
- Databases
Data privacy audit checklist
Another way to encourage good data hygiene when it comes to data + privacy is to conduct a data privacy audit.
At a time when firms are collecting vast amounts of information, data privacy audits assess whether organisations are in a good position to win customers’ trust and meet their regulatory obligations.
>See also: Data privacy audit checklist – how to compile one
Data privacy audits offer valuable insight into how to improve data handling practices, helping to support better data governance and trust at a time when good data management is critical to business strategy.
The benefits of conducting a data privacy audit are clear, so what do you need to remember?
- Define a clear purpose and scope
- Outline a criteria and methodology
- Know what data you have and what you use it for
- Don’t overlook shadow data
- Think about business processes and staff awareness
- Focus on consent
- Document everything
- Data security and data breaches
What’s coming next?
Next the European Union is planning to introduce more regulations specific to AI. These will affect those companies that place an AI system on the EU market, so will impact those based in the UK who sell or deploy AI solutions into the EU. These regulations are intended to prohibit certain AI systems and place obligations upon any that are high-risk, outlining how data can be stored and used.
Breach of high-risk obligations under the EU’s proposed AI Act carries potential fines of up to €20m, or up to 4 per cent of annual turnover – double that of what you currently face under GDPR.
Related:
Clive Humby – data can predict nearly everything about running a business – Clive Humby, inventor of the Tesco Clubcard, on ways to stop feeling so overwhelmed by data, how to convince your CEO of its importance, and why data should look forward and not backwards
How businesses can prepare for the Data Protection and Digital Information Bill – With the Data Protection and Digital Information Bill currently being reviewed in Parliament, Netwrix vice-president of research and development Michael Paye explains how businesses can amply prepare
Forget digital transformation: data transformation is what you need – Stefano Maifreni, founder of Eggcelerate, discusses why organisations must focus on data transformation to maximise long-term value
