Hilary Wandall | january 31, 2017

Maximizing Data Utility Under GDPR

Anonos-BigPrivacy-Article-TrustArc-2.pngTrying to solve a problem, determine the optimal course of action or make a critical decision in the absence of meaningful data not only is frustrating – it can yield undesirable outcomes. It’s like driving without a map or hiking without a compass, let alone precise GPS. Or, like trying to communicate with a friend, whose last name you don’t remember how to spell, without a phone number, email address or Twitter handle.

In recent years, many business leaders have realized that connected devices, systems and sensors are generating more and more data that can be invaluable to making better business decisions. Yet, they still are deciphering how best to leverage all of the data to drive better business decisions. With impending compliance obligations under the GDPR, they may forfeit those data opportunities if they don’t implement solutions that enable ongoing authorized use of those data.

Last month, I blogged that privacy leaders can be business enablers by supporting the business in maximizing net data value in two key ways: (1) partnering with other data leaders in the organization to establish an integrated approach to data governance that enables data benefit and risks to be evaluated in a holistic way, and (2) driving consistent evaluation of the value and costs associated with the acquisition, storage, use and re-use of data.

This month, Mike Hintze and Gary LaFever published a white paper, Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics in which they tackle the new frontier of “data protection by default” under Article 25 of the GDPR. The concept of data protection by default permeates the regulation and expands upon traditional notions of data minimization or minimum necessary data to prescribe – subject to fines up to 4% of global revenue – implementation of technical and organizational mechanisms for ensuring that only the specific personal data necessary for each specific processing purpose – whether collection, scope of use, length of storage, or accessibility – actually are processed. Hintze and LaFever present a compelling case for companies to proactively implement a robust technical approach to the GDPR’s data protection by default requirements in order to both maximize data value and minimize compliance risk and liability.

As privacy professionals, we spend countless hours with business teams identifying and classifying data elements, determining the processing purposes and the legal basis for any proposed processing, evaluating data retention periods and proposed data transfers. We create data inventories and data flow maps in order to determine whether data minimization, proportionality and onward transfer requirements are met. We are startled when the hours fly by and our analyses are ongoing, and we recognize that the only way we can support goals like maximizing net data value is to rely on technology to scale our work, make it more efficient and ultimately, more effective. With GDPR’s data protection by default requirements in just 15 months, we can no longer put off plans to implement new technology to help us comply.

Fortunately, Hintze and LaFever present solutions based on a concept of “controlled linkability” that refines data so that it can be used for a range of purposes while preserving privacy and protecting the data from unauthorized processing. Controlled linkability thus facilitates extraction of the full value of data, enabling both GDPR and other regulatory compliance as well broad data utilization. In order for businesses to preserve and enhance the value of their data beyond the next 15 months, however, the time to plan for effective implementation of these technology solutions is NOW.

Since so many businesses rely on big data analytics, as increasingly artificial intelligence, to fuel innovation and growth, it has become essential to know how to ensure compliance in a way that allows your data assets to be utilized. Hintze and LaFever are sharing about their approach today in an IAPP webinar on “Unlocking Big Data Value Under the GDPR” featuring Gwendal Le Grand, the Director of Technology and Innovation of La Commission Nationale de l’Informatique et des Libertés (CNIL). You can learn more at www.anonos.com/bigprivacy.

This article originally appeared in TrustArcAll trademarks are the property of their respective owners. All rights reserved by the respective owners. CLICK TO VIEW CURRENT NEWS

Are you facing any of these 4 problems with data?

You need a solution that removes the impediments to achieving speed to insight, lawfully & ethically

to Insight
Are you unable to get desired business outcomes from your data within critical time frames? 53% of CDOs cannot achieve their desired uses of data. Are you one of them?
Lack of
Do you have trouble getting access to the third-party data that you need to maximise the value of your data assets? Are third-parties and partners you work with worried about liability, or disruption of their operations?
Inability to
Are you unable to process data due to limitations imposed by internal or external parties? Do they have concerns about your ability to control data use, sharing or combining?
Are you unable to defend the lawfulness of your current data processing activities, or data processing you have done in the past?
Traditional privacy technologies focus on protecting data by putting it in “cages,” “containers,” or limiting use to centralised processing only. This limitation is done without considering the context of what the desired data use will be, including decentralised data sharing and combining. These approaches are based on decades-old, limited-use perspectives on data protection that severely minimise the kinds of data uses that remain available after controls have been applied. On the other hand, many other new data-use technologies focus on delivering desired business outcomes without considering that roadblocks may exist, such as those noted in the four problems above.
Anonos technology allows data to be accessed and processed in line with desired business outcomes (including sharing and combining data) with full awareness of, and the ability to remove, potential roadblocks.