FUNCTIONAL SEPARATION IS THE ANSWER TO THE ISSUES RAISED DURING FIMA EUROPE DATA GOVERNANCE & PRIVACY TRACK IN LONDON
This blog summarizes discussions from the Data Governance & Privacy track at FIMA Europe 2018 - Europe’s leading financial data management event with nearly 600 delegates from investment banks, asset management firms and central, retail and challenger banks. I served as Chair of the event. My notes and observations are copied below.
The following issues, discussed during the 27 November Data Governance & Privacy track at FIMA Europe 2018 in London, can be addressed with technology that enforces the EU data protection principle of “Functional Separation” enabling organisations to functionally separate processing of data to detect trends and correlations in aggregate information from the application of insights gained to the individuals concerned:
LOB Opportunities Should Drive Successful Data Governance Programs: successful enterprise-wide data governance programs are best advanced by highlighting commercial benefits to LOBs (Lines of Business) which require governance programs that enable standardisation and scalability of approaches.
The “Carrot and Stick” Approach to Data Governance: LOB benefits from data governance programs (see above) represent the “carrot.” The “stick” is represented by the risk of injunctions ordering immediate termination of illegal processing and large fines and reputational damage from publicised governance and privacy failures. The biggest stick may well be the fact that most historical data was collected using broad-based general consent which is no longer legal under the GDPR. This data is now illegal to possess or process under the GDPR. Encrypting data does NOT make it legal - it simply turns it into encrypted illegal data. Functional separation can provide an answer by transforming data using GDPR compliant pseudonymisation (the GDPR’s form of Functional Separation) to support Legitimate Interest processing as a new alternative (non-consent) legal basis for processing. An IDC report on this very subject is available at www.anonos.com/donotdeleteyourdata.
GDPR Consent Does Not Support Big Data Analytics Programs: Big Data programs involving iterative analysis that are not capable of being described in advance cannot be legally supported using consent because new requirements for specificity and non-ambiguity under the GDPR cannot be satisfied. Legitimate Interest processing is available as an alternative (non-consent) legal basis to support Big Data projects if three tests can be satisfied: (1) Legitimate Interest Test - does the data controller or third party have a legitimate interest in the data, (2) Necessity Test - is is necessary to acquire the data from this source or other options available, (3) Balancing of Interest Test - are technical and organizational safeguards (like Functional Separation) in place to balance the fundamental rights and interests of data subjects against the legitimate interests of the data controller or third party.
Integrate Technology Controls Into Data-Driven Organizations: the only way to ensure that data processing complies with policies and best practices is to leverage “tooling” (like Functional Separation technology) that integrates controls at appropriate stages of the data life cycle.
The Day of General Purpose Data Are Gone: “general purpose data” that is subject only to high-level aspirational policies and written procedures is no longer enough. The GDPR and other evolving data protection laws now require “special purpose data” that reveals only the specific data that is required for each specifically identified person for each specifically authorized purpose. This reflects the combination of Data Protection by Design and by Default, Data Minimisation and Purpose Limitation under the GDPR which may be supported using Functional Separation technology.
Don’t Expose Governance Programs to Turnover Risk: data governance controls should be “baked into data” using solutions like Functional Separation instead of depending on attestations or commitments by individuals who may leave the bank.
Funding Based on Long-Term Business Benefits: GDPR principles provide a longer time frame within which to assess the business benefits of effective data governance programs.
Data Sharing Agreements Are No Longer Sufficient: the GDPR and other evolving regulations now require granular context sensitive controls (like those provided using Functional Separation) that technically enforce data use restrictions previously reflected only in contract-based data sharing arrangements.
Data Teams Must be Brought Into the Discussion: initially GDPR projects were the responsibility of legal and compliance teams, however, it is critical to bring data users into the discussion as soon as possible to ensure that data governance solutions do more than merely “protect” data. Successful data governance solutions must enable ongoing data innovation and value creation.
* * * * *
Anonos' state-of-the-art GDPR certified BigPrivacy technology enforces Functional Separation to overcome the shortcomings of other solutions that were "good enough" prior to the GDPR but now fail to support new requirements for enabling lawful Big Data value. Patented BigPrivacy technology uniquely maximizes Big Data value by enabling legally compliant decentralized processing, repurposing, combination, and sharing of Big Data.
Gartner awarded Cool Vendor status to Anonos BigPrivacy for technology innovation because of its unique ability to create non-identifying versions of personalised data called “Variant Twins” that support:
1. International Transfer, Aggregation and Analysis of Data;
2. Data Sharing & Innovation (Internally & Externally); and
3. Legal Big Data Analytics, AI & ML.
BigPrivacy’s award-winning, GDPR-certified technology creates standardised Variant Twin data assets that can be sourced, curated, combined and shared in a trusted, predictable and legally compliant manner. The ability to standardise and scale data asset utilisation transforms data cost centres into revenue centres by extending the value of data – both internally within, and externally outside, an organisation – to support a whole new ecosystem of value by enabling:
Aggregation of data across jurisdictions and between different legal entities.
Analytics to be processed on protected decentralised data.
Cloud-based processing of Big Data Analytics, AI & ML.
Legal repurposing, combining and sharing of data.
Contact Anonos to learn more.
6 MIN SUMMARY VIDEO FROM FIMA LONDON CHIEF DATA OFFICER CONFERENCE - 27/11/18