First adopted in April 2016, the General Data Protection Regulation (GDPR), which becomes enforceable on May 25, 2018, has been met with widespread controversy. Many of its elements – including the need for many organisations to have a Data Protection Officer (DPO) – have been seen as burdensome; while others have accused it of not being thorough enough, highlighting its focus on cloud providers and social networks rather than the handling of employee data.

Yet wherever you sit on the “positives” and “negatives” of GDPR, the reality is that it’s coming and it’s going to change the way most of us do business. So now perhaps is the time to look on the bright side and see how you can make it work for your organisation.

So, what are the changes?

The changes under GDPR are quite extensive, but here is a brief breakdown:

Accountability

Organisations will now be more accountable for personal data protection. They will need to have security measures to protect against data breaches and make sure they quickly notify individuals if a breach does take place. In addition, depending on your processing activities, you might need to have a Data Protection Officer who will firmly understand data privacy as well as the ability to apply it to law.

Privacy

Firms will need to examine their data and the way they handle it much more effectively so that it is secure right along the chain. Known as privacy by design, there should also be increased transparency in terms of both data and data transfers.

Enforcement

Enforcing data protection will now be stronger than it has ever been with data protection authorities having more power than ever before. Fines can be as much as four per cent of your revenues globally.

 

So, how does this benefit your organisation?

There are actually a host of potential benefits that come along with GDPR. Here are just a few:

Enhancing security is never a bad thing

In a year in which we’ve seen such notable cyber hacks as Wannacry and Petya, not to mention seeing giant firms like Yahoo and Uber breached impacting millions of users, should we really complain about something that is designed to ensure we take data security seriously? The impact of a cyber breach can be massively significant – not just the potential ransom that might be attached to ransomware, the downtime that your firm may suffer, but also the harm to its reputation. The measures introduced by GDPR are designed to minimise the impact of a breach and help to limit the chances of them taking place in the first place. That should be embraced.

Getting to know your customers

While compliance may be complex there are many benefits to be gained because the individual is front and centre of the requirements. GDPR establishes regulations for companies to adhere to around personally identifiable information – and to do that, they must first identify that data, determine how to process and store it, and then make decisions about its usage. By organising data you could gain valuable insights about your customers and then leverage this into your customer service as well as your marketing and sales campaigns. Do it right and what seems like a headache could quickly turn into a money spinner.

It may not be as hard as you think

Compliance doesn’t have to be a tumultuous task. A number of banks have already turned to operational data hubs that are built on a NoSQL database – this automates a lot of processes and reduces the risks of not finding data or not being able to carry out certain actions within a set timeframe. This in turn should help you avoid those dreaded fines.

Improving your reputation

Given the present climate, customers are actively looking for assurances that their data is safe. By not only meeting the regulations of GDPR, but potentially surpassing them, your business can stand on a stronger footing. Indeed taking steps to go beyond the norm could differentiate you from competitors – think of a bank that lets customers store their own data, or an online retailer that offers incentives to customers to supply data rather than simply using a third party for targeted marketing. With many organisations looking to just hit the bare minimum in terms of GDPR compliance, you can stand out from the crowd.

Taking advantage of change

Many firms are already seeing the positives of GDPR. Broker Network, the UK’s largest network of insurance brokers, recently told Insurance Business that GDPR is an “opportunity for them (brokers) to go out and speak to their customers.” It noted that a breach occurring is actually a much higher risk than a flood or a fire – and so by brokers helping businesses to apply GDPR and mitigate this risk, there are savings to be made for client and broker alike.

Indeed that applies to a variety of businesses – you now have the chance to get to know your customers on a new level, apply that to your marketing and sales, offer a cleaner service and also protect your reputation. GDPR compliance is going to take some work – but when that finishing line is passed you’ll feel like your business is the real winner.

 

Why not come along to our GDPR morning briefing on 6th December at Shakespeare’s Globe, London. View the full agenda and register for the event here.

Data underpins most of the technologies popular today, and big data refers to large datasets that cannot be handled by traditional databases. Big data is high-velocity, high-variety and high-volume, requiring particular methods for managing or processing that differ from traditional data management technologies.

We are collecting more and more data from many different sources in all manner of formats.  It enables us to make better predictions about future patterns but also presents management and analysis challenges.  

Artificial Intelligence

Artificial intelligence is the simulation of human intelligence by machines. Though these technologies are still in their early stages, big data is being used to feed AI programs and make them more viable. Access to more data than ever before means we can develop smarter machines.

At the moment, this is resulting in Virtual Personal Assistants, Smart Homes – including technologies such as Google Home and Amazon Echo, and Google DeepMind, which beat the world Go champion.

Computer game systems can monitor user behaviour by analysing natural language in the in-game chat, and serve a penalty to deter abusive behaviour. Google Translate is approaching the accuracy of human translators by analysing sentence patterns in millions of documents.

User focus in content creation

Leveraging big data for content creation is still set to be a big trend. For example, Netflix produces programmes based on data collected from their users’ viewing preferences.

The Netflix-owned US version of House of Cards was commissioned based on data that showed a large pool of their users liked the British House of Cards, Kevin Spacey films and the film director David Fincher. This played a large role in their commissioning the David Fincher directed House of Cards series starring Kevin Spacey, and it was very popular.

The company has also awarded a $1 million prize to the team who improved their viewing matching system by 10%.

Moving to the cloud

Data processing is moving to the cloud, instead of being conducted on-site. This can be done with Amazon’s data warehouse, Google’s data analytics service or IBM’s cloud platform, for example.

Popular open source data analytics tools like Hadoop were designed to work on clusters of in-house machines but they can also be deployed in the cloud.

This means that data and analytics operations are more easily scaleable as cloud hosting is more flexible. It means that companies can trial computing their data in their cloud. This also eases pressure on companies to find the technical talent to run their in-house clusters.

However, there are still technical challenges with hosting any kind of data in the cloud, but particularly in big data, such as needing a very high speed internet connection to handle the high velocity of data.

Cybersecurity and data privacy challenges

Storing more data creates even more opportunities for hackers to exploit personal user details. It’s just as well that £1.9 billion has been announced by the government to help protect companies and their customers from cyber attacks.

Many high-profile cyberattacks, such as the LinkedIn data breach that impacted 17 million users, highlights the urgent need for the government and businesses to protect their data. Consumers are becoming more aware of the data that they allow to be collected and demanding better protection.

New European Union regulations in the form of the GDPR (General Data Protection Regulation) insist that companies improve the security around the data they are collecting, and, perhaps more importantly, gain explicit consent from users to collect their data.

Data self-service platforms

Our ability to analyse big data is going to develop further with platforms that enable business users to make sense of data. Data self-service platforms are a viable alternative for companies with no in-house data analysts or data scientists, and include platforms such as Trillium and Hunk.

These have arisen partly in response to businesses demanding real-time responses to their data, as well as a skills shortage in data scientists. Gartner predicts that the global business intelligence and analytics software market will grow to £14.7 billion in 2017.

Move to stream processing

Traditionally, companies have tended to batch-process data. Continuous analysis of data is now required as businesses recognise the need to process quickly. Speed is crucial in operations such as fraud detection, trading and system monitoring.

Stream processing handles high volumes of data in real-time as it is being collected by the server. It was first used in the finance industry when the stock exchange moved from floor-based trading to electronic trading and is now commonplace.

For example, fraud detection systems process millions of card transactions in real time, so companies can detect potential fraud through analysis of spending patterns. The electricity generators and distributors monitoring hundreds of thousands of homes and businesses in real time can use stream processing to ensure adequate availability in the right locations.

Collecting more data

It’s just as well that businesses are moving to the cloud, as the amount of data we collect is only going to keep on growing. The world is set to create 180 trillion gigabytes of data annually by 2025, according to International Data Corporation (IDC).  The Internet of Things will generate vast amounts of data in many formats; including sensory data, video, audio and natural speech. Companies will need to leverage this to improve services for their customers.

The smart home market has the ability to amass even more data than we previously imagined. Our devices know what time we get up, how we operate our homes, and which groceries we buy. Our smart cars know exactly where we travel to and our fuel consumption. This data can be used to improve sustainability, for example by turning off lights when we’re not using them, or efficiency by diverting resources to where they are most needed.

Companies will also be making better use of their ‘dark data’, which is data not currently being leveraged for a business purpose, and can be paper-based. This could include analysing expense and travel reports for salespeople to determine productivity, for example.

Data lakes

In the enterprise, there will be an increase in what are known as data lakes, making it easier to draw out business insights. Data lakes are centralized repositories that hold a vast amount of data in its native format.

The advantages of using data lakes include it being a low-cost form of storage for large amounts of data that is easily scalable, and supporting multiple programming languages and frameworks because the data is unstructured.

They have potential to help organisations work in a more coherent manner by storing all organisational data in one place. Users can be issued different security permissions to prevent anyone gaining access to all of the data to ensure security.

Data is going open source

Big data is dominated by open source tools such as Hadoop, and database mining tool RapidMiner. It’s no surprise that the future of big data is open source.

Sharing data is going to be important in developing new technologies. For example, companies like Google and Facebook share their data to progress the field of deep learning.

Google is partnering with the medical field as one London NHS trust has already shared patient details with its AI technology DeepMind to test an alert system for kidney injuries.

Final remarks

Big data has longevity and is much more than just a tech industry buzzword. It must not be seen as an isolated area of tech since it underpins the development of many areas of modern technology.

Big data drives the progress behind breakthrough technologies transforming our environment, such as machine learning and the Internet of Things, or how modern security agencies tackle crime.

The option to move to the cloud enables more companies to take advantage of big data in a way that is scalable. Making use of more data, and open data-sharing, is the future.

It’s just under a year now until businesses are required to become compliant with the GDPR (General Data Protection Regulation). This is a directive from the European Union that deals with issues of data protection and privacy for EU citizens.

Since our world has been transformed by the development of digital technology, all organisations have been collecting increasing amounts of data about their customers and users. In today’s world, personal data is a highly valuable commodity, used in a variety of ways, sold between organisations, and the legal protection over where, how and why data is stored about them has become outdated.

In fact, for many citizens the scale and volume of personal data that’s held about them – from medical and financial records, to music and video tastes – can be a surprise. All this data can be extremely valuable if it were to fall into the wrong hands and security breaches, while relatively rare, could have far reaching ramifications.

Consumers can also fail to fully understand what can happen with their personal data if they opt in to certain communications and while laws and general practice has improved significantly over recent years, there are still unscrupulous organisations which look to harvest personal data for profit.

Therefore the GDPR regulations are the latest attempt to protect an individual’s data and aims to give control to the individual over how, why and when data held about them is stored, accessed and used and to minimise the risk of security breaches.

Key elements of GDPR

Data is collected at every turn, as businesses move their operations to digital and online, in order to save costs, gather useful data about their customers and products, and provide a better customer experience.

At the moment, the protection of that data is not well regulated, and customers are often unaware of how much data companies are collecting about them. They are also not sure what to do if they want to have their data erased, and without the GDPR, self-erasure is not necessarily an option.

Different member states within the EU have their own laws governing data protection and privacy. The GDPR will unify all legislation from the different countries to provide one set of consistent rules for everyone. New GDPR regulatory authorities based in each member country will also have significant powers to take action against companies breaching the law.

The GDPR is a long overdue update of the UK Data Protection Act which was first passed in 1995 at the onset of the internet. That first act could not have anticipated the pace of the technological change that has transformed our lives. The GDPR directive was approved on 14 April 2016 after four years of debate and revision and is coming into force on 25 May 2018.

A year to get compliant

Britain is now leaving the EU as Prime Minister Theresa May invoked Article 50 on 29 May 2017, but UK businesses must still become compliant with the GDPR.

It will take up to two years for Britain to exit the EU, and in that time the GDPR will come into force. There is also the strong possibility that the UK will keep the rules of GDPR as part of its exit negotiations.

When the GDPR is enshrined in law on 25 May 2018, companies will need to ensure they have:

• Nominated an employee to lead on their companies’ GDPR compliance
• Conducted a compliance audit of their operations
• Kept a data register to track progress towards compliance
• Classified the sensitivity of their data
• Evaluated their data collection and protection processes
• Assessed their data security policies by completing a Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA)
• Assessed and and documented their risks and processes. The creation of a road map to show how they will address and mitigate risks.

How to ensure you aren’t at risk

Visit the EU GDPR website to check the legislation coming into force. Transparency is the key principle, and ‘privacy by design’ is essential. Data protection must be included in the ongoing process of designing your systems, and not simply added on as an afterthought.

Make your consent opt-ins extremely clear for your users, make it incredibly easy for them to opt out of communications, and write in plain language.

If you’ve thoroughly audited your data collection and processes, and taken the necessary steps to comply, your risk of non-compliance should be low. Your nominated employee or external advisor should apply their knowledge and understanding of the GDPR to help your company make the necessary changes.

Note that some companies monitoring data regularly on a large scale or data that falls into a particular category (such as criminal data) will require the appointment of an official Data Protection Officer.

Even if you are not taking payment from customers when collecting their data, but are dealing with personal information, you still need to comply with the GDPR.

Final remarks

It’s really important to become compliant with the GDPR by 25 May 2018. If not, your business will likely face hefty fines and damage to its reputation.

The GDPR is best represented as the spirit of transparency, responsibility to protect consumer data and privacy by design. It will require in many cases organisational transformation to stop treating personal data as fair game and instead value privacy and empower the individual when it comes to his or her own data.