Digital data pervades virtually every aspect of our lives. IDC estimates that by 2025 digital data will grow to 163 zettabytes, 80% of which will be created by businesses. From autonomous cars, robotic process automation and intelligent personal assistants to smart home devices, the world around us is undergoing a fundamental change, transforming the way we live, work, and play.
The Changing Nature of Personally Identifiable Information
Big data, cloud computing, social media and mobile devices together collect and aggregate diverse data sets, such as internet search habits and GPS tracking information, which taken together may expose personally identifiable information.
There is an even more vexing challenge: data analytics, powerful algorithms that cut through vast amounts of data. Predictive analytics is fundamentally changing the definition of data. Data now consists not only of consent-based data collected from data subjects but also extends to observed data, for example video data from surveillance sensors, and inferred data, aggregated from diverse data sets, that creates a digital fingerprint of data subjects' sentiments, preferences and behaviors. Increasing use of machine learning technologies is also generating vast amounts of data about individuals without their knowledge, let alone the affirmative consent required by GDPR.
It is then not surprising that a recently published survey found that 64% of organizations are planning to overhaul their business processes given GDPR's onerous enforcement mechanisms, fines and penalties. However, 47% of the same survey participants do not have a clear understanding of how to prioritize their compliance initiatives.
So where do you begin your governance journey?
A useful starting point is to consider a unified information governance strategy based on the overarching principle that safeguarding privacy rights is not just about risk mitigation but also an opportunity to strengthen corporate brand and foster enduring customer loyalty.
A holistic information governance strategy demands cross-functional participation from the business leadership. A potentially useful governance framework is the IGRM reference model. This model provides a framework for aligning the key business functions so that:
The business may leverage data as a competitive asset;
IT may improve operational efficiencies in the management of data; and
Legal may mitigate compliance risk and proactively adhere to regulatory requirements.
A large percentage of data now lives beyond traditional organizational boundaries, in the cloud, IoT and social media, with the inherent challenges of managing and harnessing it. A recent survey found that for 71% of organizations, identification of data sources and their location is their primary challenge.
One of the potentially more daunting tasks is the review of existing internal policies and vendor agreements to ensure compliance with GDPR obligations, followed by remediation steps to address gaps. This may be a time-consuming and tedious process, which may be streamlined through the use of machine learning technologies that extract meaning from documents much the same way as humans do. For example, Named Entity Recognition automatically identifies relevant nouns (people, places, and organizations) within agreements and extracts them for analysis purposes. Natural Language Processing helps organizations infer meaning from agreements in context by analyzing the co-occurrence of contract clauses and their relationships within and between documents.
Compliance with GDPR begins and ends with proactive information governance best practices. In many ways, if your organization subscribes to the Generally Accepted Recordkeeping Principles, then GDPR compliance initiatives are easier to embrace.
About the author: Andrew Pery is a marketing executive with over 25 years of experience in the high technology sector focusing on content management and business process automation. Andrew holds a Masters of Law degree with Distinction from Northwestern University and is a Certified Information Privacy Professional (CIPP/C) and a Certified Information Professional (CIP/AIIM).