GDPR explained and should we love or loath it?

gdpr

In the past few months, the amount of literature on GDPR has been increasing rapidly. Discussing the topic internally or externally, people do not know whether it is good or bad for business, nor do they understand the ramifications of these changes. Here is my point of view. Forget whether it is good or not for your business, the bottom line is that it is good for the customers. If you are a customer centric business like mine then you will welcome it with open arms. Of course, there will be painful conversations ahead, and people must remain pragmatic and make these changes bit by bit rather than all at once. Therefore if you read this post, crack on with it as it will come into play on the 25th May 2018.

Background

Back in the day, around 1995, the Data Protection Directive 95/46/EC [DPD] was introduced. This legislation was the first of its kind at the time and it replaced some old school legislation that was out of date and allowed for all the new data legislation to be in one place. The legislation provided a detailed framework for data processing but now, 21 years later, the DPA has become significantly out of date!

Now, 21 years is a long time and you can do 7 undergraduate degrees within that time. So it is no wonder that within that period, the use of computers and the data this use creates has changed considerably, which, unfortunately, also means that the threat of cyber crime and subsequent data misuse has also increased.

Not only has technology changed immensely (and continues to do so), but the reliance on paper records has diminished. Funnily enough, floppy disks are no longer used (remember those!) and there are now a vast amount of storage options, as well as the mass use of social and professional media and the ongoing creation of Big Data, resulting in huge chasms in the 1995 legislation.

Some users have become somewhat paranoid and alert to the dangers of the growing risks and importance of data protection, being the savvy lot that they can be, however, the majority of everyday users (business or social) are still catching up to basic security measures.

A survey undertaken by the EU revealed that 74% of Europeans see disclosing personal information as an increasing part of modern life. But why are people giving away their personal information?

It seems that the most important reason to disclose this information is to access an online service. The most interesting result in this survey is the fact that 26% of social network users and 18% of online shoppers felt out of control of their own data.

What does the General Data Protection Regulation (GDPR) cover?

The legislation named the General Data Protection Regulation or GDPR, includes options such as the ‘right to be forgotten’, new rules on data transfers outside the EU, the implementation of data breach notification requirements and the introduction of much higher fines that are based on the percentage of a company’s annual turnover.

The ICO (Information Commissioner’s Office) explains that under the GDPR, the data protection principles set out the main responsibilities for organisations.

Click here for full access to the ICO website.

The principles are similar to those in the DPA, with added detail at certain points and a new accountability requirement. The most significant addition is the accountability principle. The GDPR requires you to show how you comply with the principles – for example by documenting the decisions you take about a processing activity.

Key principles of GDPR:

 

Coverage Scope

The GDPR covers all data controllers and data subjects based in the EU. It also applies to organizations based outside the EU that process the personal data of its residents.

According to the EC, the definition of personal data covers anything that points to their professional or personal life, including names, photos, emails IDs, bank details, social networking posts, medical information, or computer IP address.

There will be a Single Data Protection Authority (DPA) assigned to each company depending on where the company is located who will report to the European Data Protection Board. They must be appointed for all public authorities and companies processing more than 5000 data subjects within 12 months.

Accountability

Although previous data processing notice requirements remain intact, they must also specify the retention time for personal data and provide their contact information to customers. The Privacy by Design and Privacy by Default clauses in Article 23 mandate that data protection protocols must be integrated into the business development process itself. All privacy settings must be set to high by default.

Data Protection Impact Assessments (Article 33) have to be conducted when specific risks occur to the rights and freedoms of data subjects.

Proof of Consent

Article 7 and Article 8 specify that data controllers must possess a valid proof of consent for processing data and acquire special permissions for collecting the data of children under 13 from their legal guardians.

Instant Breach Alerts

Article 32 says that any case of data breach must be reported to the DPA by the controller within 72 hours of discovering the issue so that all parties involved can be warned about the situation and take precautionary measures.

Severe Sanctions

Instances of first unintentional cases of non-compliance will be doled out written warnings by the DPA. As a result, organisations will also be directed to conduct regular data protection audits. In case of graver offences, organisations may have to cough up a deadly fine up to 1,000,000 EUR or up to 2% of the annual worldwide turnover in case of an enterprise, whichever is greater (Article 79).

Right to Erasure

Article 17 empowers data subjects by giving them the right to request removal of personal data related to them on any one of a number of grounds, including cases where the fundamental rights of the data subject take precedence over the data controller’s interests and require protection.

Portability of Data

According to Article 15, users will also be allowed to request a copy of personal data being processed so that they have the freedom to transmit it to another processing system if needed.

On-premise private cloud solutions such as FileCloud help organisations to keep their data in servers within their firewall, while providing all the flexibility and access advantages of public cloud such as Dropbox. Additionally, FileCloud’s unique capabilities to comply with EU regulations, and features to monitor, prevent, and fix any data leakage across devices (Laptops, Desktops, Smartphones and Tablets).

What should you do if you want to transfer data now?

It has been advised that in this pre-GDPR time, that it is better to just avoid transferring data altogether, even though alternatives have been set out by the EU. A number of solutions have been made available to help with the problem of transfer, such as mobile e-discovery technology, predictive coding technology or e-discovery platforms and predictive coding, which can be used to ensure that relevant data is found quickly and deleted.

Transferring data across the pond looks to remain a complex legal process until the GDPR and Privacy Shield are fully confirmed and in place.

However, the legislations are not concrete and may still change, even after going live. Even more so in the light of Brexit, how will the UK adhere to the GDPR and its new shiny facets? Most people say that it won’t change but let’s wait for the Great Repeal Bill.

With the vast amount of alternatives that are available, it should not be difficult to find solutions to processing essential data during this time of uncertainty and it will hopefully be a progression for all internet/data/app users feeling secure that their data is secure!

Should you love it or loath it?

Love it, of course. As Anders Hilmansson puts it, there is quite a lot in it for you! If you comply with the GDPR adequately and effectively, you’ll have the possibility to achieve breakout performance compared to your competitors, owing to you having a competitive advantage. You’ll have what the Boston Consulting Group calls the “Trust Advantage” (MUST READ this paper): meaning that your consumers will entrust you with more data (compared to your competitors), which will lead to better online recommendations, more accurate targeting, faster development of new products and services, and several other benefits to you and your customers.

In light of the above – and taking into consideration that the value of Europe’s personal data is estimated to grow to nearly 1 trillion euros annually by 2020 – the GDPR isn’t a burden: it means business. (Even if most people currently preaching about the GDPR are keeping this a secret.)

Hope that clarifies it and helps put a bit of perspective

Benoit Mercier

The importance of Big Data

I read an interesting article by Louis Colombus in Forbes on how big data is in the top 5 most disruptive innovations. Based on his research, he quoted that

  • 47% of manufacturers expect big data analytics to have a major impact on company performance making it core to the future of digital factories.
  • 36% expect mobile technologies and applications to improve their company’s financial performance today and in the future.
  • 49% expect advanced analytics to reduce operational costs and utilise assets efficiently

Working in the ecommerce sphere, I tend to agree with Louis’s view and here are the reasons why.

“You can’t manage what you can’t measure”

There’s much wisdom in that saying, which has been attributed to both W. Edwards Deming and Peter Drucker, and it explains why the recent explosion of digital data is so important. Simply put, because of big data, managers can measure, and hence know, radically more about their businesses, and directly translate that knowledge into improved decision making and performance.

The familiarity of the Amazon story almost masks its power. We expect companies that were born digital to accomplish things that business executives could only dream of a generation or few years ago. But in fact the use of big data has the potential to transform traditional businesses as well. It may offer them even greater opportunities for competitive advantage (online businesses have always known that they were competing on how well they understood their data). As we’ll discuss in more detail, the big data of this revolution is far more powerful than the analytics that were used in the past. We can measure and therefore manage more precisely than ever before. We can make better predictions and smarter decisions. We can target more-effective interventions, and can do so in areas that so far have been dominated by gut and intuition rather than by data and rigor.

An HBR article written by Andrew McAfee and Erik Brynjolfsson states that as the tools and philosophies of big data spread, they will change long-standing ideas about the value of experience, the nature of expertise, and the practice of management. Smart leaders across industries will see using big data for what it is: a management revolution. But as with any other major change in business, the challenges of becoming a big data–enabled organization can be enormous and require hands-on—or in some cases hands-off—leadership. Nevertheless, it’s a transition that executives need to engage with today.

1. What is big data analytics?

According to SAS, big data analytics is the process of examining big data to uncover hidden patterns, unknown correlations and other useful information that can be used to make better decisions. With big data analytics, data scientists and others can analyse huge volumes of data that conventional analytics and business intelligence solutions can’t touch.

I have not worked in a business that is not obsessed with analysing data, whether it is customer data, web data, infrastructure data etc. In fact i know that most businesses do because data analyst are very hard to find, and if you are 16 or 18 years old with a good math degree I would seriously consider adventuring myself into this type of role!

2. What has changed in the past 3 years?

Volume

As of 2012, about 2.5 exabytes of data are created each day, and that number is doubling every 40 months or so. More data cross the internet every second than were stored in the entire internet just 20 years ago. This gives companies an opportunity to work with many petabyes of data in a single data set—and not just from the internet. For instance, it is estimated that Walmart collects more than 2.5 petabytes of data every hour from its customer transactions. A petabyte is one quadrillion bytes, or the equivalent of about 20 million filing cabinets’ worth of text. An exabyte is 1,000 times that amount, or one billion gigabytes.

Velocity

For many applications, the speed of data creation is even more important than the volume. Real-time or nearly real-time information makes it possible for a company to be much more agile than its competitors. Now this is where I feel even more progress will be made. Our systems and human nature is to get things faster and faster and faster!

Variety

Big data takes the form of messages, updates, and images posted to social networks; readings from sensors; GPS signals from cell phones, and more. Many of the most important sources of big data are relatively new. The structured databases that stored most corporate information until recently are ill suited to storing and processing big data. At the same time, the steadily declining costs of all the elements of computing—storage, memory, processing, bandwidth, and so on—mean that previously expensive data-intensive approaches are quickly becoming economical.

As more and more business activity is digitised, new sources of information and ever-cheaper equipment combine to bring us into a new era: one in which large amounts of digital information exist on virtually any topic of interest to a business. Mobile phones, online shopping, social networks, electronic communication, GPS, and instrumented machinery all produce torrents of data as a by-product of their ordinary operations. Each of us is now a walking data generator. I work in retail and we are not at the forefront of new technology but we are getting there and beacons are an example of that.

3. Why is big data important? Benefits and challenges

A report from McKinsey Global Institute estimates that Big Data could generate an additional $3 trillion in value every year in just seven industries. Of this, $1.3 trillion would benefit the United States. The report also estimated that over half of this value would go to customers in forms such as fewer traffic jams, easier price comparisons, and better matching between educational institutions and students. Note that some of these benefits do not affect GDP or personal income as we measure them. They do, however, imply a better quality of life.

Out of 100s of ideas, McKinsey believes big data analytics is one of the top 5 catalysts that can increase US productivity and raise thee GDP in the next 7 years. For the retail sector, big data applications covered three areas—supply chain, operations, and merchandising. By creating greater performance transparency, these companies can optimize inventory, transportation, returns, labor, assortments, and more. They estimate that this sector will gain $30-55 billion in GDP through use of big data. In our previous article on 20+ big data examples, we provided links to stories about how Walmart, Sears, Kmart, and Amazon are using big data. McKinsey’s quote that will make my CFO and CEO listen is 60% potential increase in retailers’ operating margins possible with Big Data.

5 key benefits of big data:

1. Big Data can unlock significant value by making information transparent. There is still a significant amount of information that is not yet captured in digital form, e.g., data that are on paper, or not made easily accessible and searchable through networks. We found that up to 25 percent of the effort in some knowledge worker workgroups consists of searching for data and then transferring them to another (sometimes virtual) location. This effort represents a significant source of inefficiency.

2. As organisations create and store more transactional data in digital form, they can collect more accurate and detailed performance information on everything from product inventories to sick days and therefore expose variability and boost performance. In fact, some leading companies are using their ability to collect and analyse big data to conduct controlled experiments to make better management decisions.

3. Big Data allows ever-narrower segmentation of customers and therefore much more precisely tailored products or services.

4. Sophisticated analytics can substantially improve decision-making, minimise risks, and unearth valuable insights that would otherwise remain hidden.

5. Big Data can be used to develop the next generation of products and services. For instance, manufacturers are using data obtained from sensors embedded in products to create innovative after-sales service offerings such as proactive maintenance to avoid failures in new products.

However, not all is that simple and McAfee and Brynjolfsson identified 5 key challenges to big data, which are:

1. Leadership: Companies succeed in the big data era not simply because they have more or better data, but because they have leadership teams that set clear goals, define what success looks like, and ask the right questions. Big data’s power does not erase the need for vision or human insight. On the contrary, we still must have business leaders who can spot a great opportunity, understand how a market is developing, think creatively and propose truly novel offerings, articulate a compelling vision, persuade people to embrace it and work hard to realize it, and deal effectively with customers, employees, stockholders, and other stakeholders. The successful companies of the next decade will be the ones whose leaders can do all that while changing the way their organisations make many decisions.

2. Talent Management: As data become cheaper, the complements to data become more valuable. Some of the most crucial of these are data scientists and other professionals skilled at working with large quantities of information. Statistics are important, but many of the key techniques for using big data are rarely taught in traditional statistics courses. Perhaps even more important are skills in cleaning and organizing large data sets; the new kinds of data rarely come in structured formats. Visualization tools and techniques are also increasing in value. Along with the data scientists, a new generation of computer scientists are bringing to bear techniques for working with very large data sets. Expertise in the design of experiments can help cross the gap between correlation and causation.

3. Technology: The tools available to handle the volume, velocity, and variety of big data have improved greatly in recent years. In general, these technologies are not prohibitively expensive, and much of the software is open source. Hadoop, the most commonly used framework, combines commodity hardware with open-source software. It takes incoming streams of data and distributes them onto cheap disks; it also provides tools for analyzing the data. However, these technologies do require a skill set that is new to most IT departments, which will need to work hard to integrate all the relevant internal and external sources of data. Although attention to technology isn’t sufficient, it is always a necessary component of a big data strategy.

4. Decision making: An effective organisation puts information and the relevant decision rights in the same location. In the big data era, information is created and transferred, and expertise is often not where it used to be. The artful leader will create an organization flexible enough to minimize the “not invented here” syndrome and maximize cross-functional cooperation. People who understand the problems need to be brought together with the right data, but also with the people who have problem-solving techniques that can effectively exploit them.

5. Company culture: The first question a data-driven organisation asks itself is not “What do we think?” but “What do we know?” This requires a move away from acting solely on hunches and instinct. It also requires breaking a bad habit we’ve noticed in many organizations: pretending to be more data-driven than they actually are. Too often, we saw executives who spiced up their reports with lots of data that supported decisions they had already made using the traditional HiPPO approach. Only afterward were underlings dispatched to find the numbers that would justify the decision.Without question, many barriers to success remain. There are too few data scientists to go around. The technologies are new and in some cases exotic. It’s too easy to mistake correlation for causation and to find misleading patterns in the data. The cultural challenges are enormous, and, of course, privacy concerns are only going to become more significant. But the underlying trends, both in the technology and in the business payoff, are unmistakable.

Convinced that Big Data should be part of your business strategy for the next 5 years? If not, you might be heading down the well and your business with it!

Benoit Mercier