GDPR compliance: We need to comply but where to begin?

Florian Douetteau co-founder and CEO of Dataiku

When it comes to the EU General Data Protection Regulation (GDPR), businesses know they need to comply, but aren’t sure where to begin (or don’t think it’s time to start yet).

The GDPR will be officially enforced beginning on May 25, 2018, and while it’s still over a year away, now is the time to get started. Not only should systems and processes to support GDPR changes ideally be in place well before this deadline, but regulations aside, it’s good practice to put data governance measures in place as soon as possible if they don’t already exist, says Florian Douetteau is co-founder and CEO of Dataiku.

The big picture

Taking a quick step back for those who haven’t been paying attention to the latest on GDPR, some of the most important components, put very briefly, are:

    • Application: The GDPR applies to any company (regardless of their location, size, and sector) processing the personal data of people residing in the EU. This means even businesses in the United Kingdom dealing with the uncertainty of Brexit will likely have to comply anyway if they have customers in the EU. And even for businesses strictly limited to the UK, note that the UK government has indicated it will implement an equivalent or alternative legal mechanisms that will be largely similar to GDPR.
    • Responsibility: Under GDPR, both data controllers and processors must comply with the legislation.
    • Data subjects’ rights: EU data subjects will have expanded rights when it comes to data protection, including the right to be forgotten, to access data about them, and to question decisions made purely on an algorithmic basis.
    • Internal record-keeping requirements: Depending on the nature of the organisation, this may also include the appointment of a specific Data Protection Officer (DPO).

Key challenges and resolutions

The GDPR brings about several major challenges that businesses will need to address before the enforcement deadline.

The most daunting of these challenges surround data governance, organisational structure, and cross-team collaboration, including:

  1. Determining where personal data is stored across potentially multiple different siloed data sources. This can be addressed by centralising access to all data (no matter where it’s stored) to one location. There are plenty of tools out there that can easily provide this type of governance and connect to multiple data sources, centralising access to all data (including personal and sensitive data) for the entire organisation.
  2. Aligning everyone across the company (including IT, marketing, customer support, and data teams) on new policies and execution of any changes. Data science platforms can also help facilitate the alignment of teams around a common goal of compliance. When everyone is working with data in the same space, team leaders can keep an eye out, and any violations can immediately be raised and resolved before they expose the company to liability.
  3. Putting processes in place to accommodate requests from data subjects and ensuring all teams can execute on processes in a timely matter. Instituting a central environment where customer teams can self-serve and provide the information for the customer without having to ask the data team will likely be the most efficient method. Logged access so that it’s very clear who fulfilled these requests and when should questions (or an audit) arise is a key consideration for the central environment being used. Robust data science platforms allow the flexibility of using black box or interpretable models depending on the use case, and for the latter, any requests for justification of decisions decided by an algorithm will be simple to field.
  4. Ensuring proper data governance, security, and monitoring are in place in case of audit. If you’ve addressed the previous challenges, you’ve already gotten started: by centralising all data work into one place, data governance and potential audits are easy. Security can be tightly controlled via a data science platform, eliminating the risk of rogue personal data floating around on employees’ laptops on local spreadsheets.

What are you waiting for?

These challenges only scratch the surface when it comes to the changes your organisation might need to make in order to comply with the new GDPR. But centralising and standardising data practices by choosing a data science platform that addresses many components of the regulations in one fell swoop is a great place to start.

And getting started in GDPR compliance doesn’t have to be just something to check off your list – take advantage of the opportunity to streamline your big data strategy and not only meet regulatory requirements, but empower teams across the organisation working with data to become more efficient and scalable.

The author of this blog is Florian Douetteau is co-founder and CEO of Dataiku

About the author:

Florian Douetteau is co-founder and CEO of Dataiku, the maker of the all-in-one data science software platform Dataiku Data Science Studio (DSS), a unique advanced analytics software solution that enables companies to build and deliver their own data products more efficiently.

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Fuzzy Logic raises €2.5mn to put robots in the hands of operators

Posted on: September 21, 2021

The Franco-American start-up Fuzzy Logic announces a €2.5 million seed round of financing from two European DeepTech funds: 42CAP, an industry-specialised German fund based in Munich, and Karista (via the Paris Region Venture Fund), an early-stage VC firm based in Paris.

Read more

US businesses show IoT investment resilience, despite pandemic

Posted on: September 20, 2021

Despite the adversity caused by the COVID-19 pandemic, grounds for optimism remain for IoT spending in the US.

Read more