GDPR compliance: We need to comply but where to begin?

Florian Douetteau co-founder and CEO of Dataiku

When it comes to the EU General Data Protection Regulation (GDPR), businesses know they need to comply, but aren’t sure where to begin (or don’t think it’s time to start yet).

The GDPR will be officially enforced beginning on May 25, 2018, and while it’s still over a year away, now is the time to get started. Not only should systems and processes to support GDPR changes ideally be in place well before this deadline, but regulations aside, it’s good practice to put data governance measures in place as soon as possible if they don’t already exist, says Florian Douetteau is co-founder and CEO of Dataiku.

The big picture

Taking a quick step back for those who haven’t been paying attention to the latest on GDPR, some of the most important components, put very briefly, are:

    • Application: The GDPR applies to any company (regardless of their location, size, and sector) processing the personal data of people residing in the EU. This means even businesses in the United Kingdom dealing with the uncertainty of Brexit will likely have to comply anyway if they have customers in the EU. And even for businesses strictly limited to the UK, note that the UK government has indicated it will implement an equivalent or alternative legal mechanisms that will be largely similar to GDPR.
    • Responsibility: Under GDPR, both data controllers and processors must comply with the legislation.
    • Data subjects’ rights: EU data subjects will have expanded rights when it comes to data protection, including the right to be forgotten, to access data about them, and to question decisions made purely on an algorithmic basis.
    • Internal record-keeping requirements: Depending on the nature of the organisation, this may also include the appointment of a specific Data Protection Officer (DPO).

Key challenges and resolutions

The GDPR brings about several major challenges that businesses will need to address before the enforcement deadline.

The most daunting of these challenges surround data governance, organisational structure, and cross-team collaboration, including:

  1. Determining where personal data is stored across potentially multiple different siloed data sources. This can be addressed by centralising access to all data (no matter where it’s stored) to one location. There are plenty of tools out there that can easily provide this type of governance and connect to multiple data sources, centralising access to all data (including personal and sensitive data) for the entire organisation.
  2. Aligning everyone across the company (including IT, marketing, customer support, and data teams) on new policies and execution of any changes. Data science platforms can also help facilitate the alignment of teams around a common goal of compliance. When everyone is working with data in the same space, team leaders can keep an eye out, and any violations can immediately be raised and resolved before they expose the company to liability.
  3. Putting processes in place to accommodate requests from data subjects and ensuring all teams can execute on processes in a timely matter. Instituting a central environment where customer teams can self-serve and provide the information for the customer without having to ask the data team will likely be the most efficient method. Logged access so that it’s very clear who fulfilled these requests and when should questions (or an audit) arise is a key consideration for the central environment being used. Robust data science platforms allow the flexibility of using black box or interpretable models depending on the use case, and for the latter, any requests for justification of decisions decided by an algorithm will be simple to field.
  4. Ensuring proper data governance, security, and monitoring are in place in case of audit. If you’ve addressed the previous challenges, you’ve already gotten started: by centralising all data work into one place, data governance and potential audits are easy. Security can be tightly controlled via a data science platform, eliminating the risk of rogue personal data floating around on employees’ laptops on local spreadsheets.

What are you waiting for?

These challenges only scratch the surface when it comes to the changes your organisation might need to make in order to comply with the new GDPR. But centralising and standardising data practices by choosing a data science platform that addresses many components of the regulations in one fell swoop is a great place to start.

And getting started in GDPR compliance doesn’t have to be just something to check off your list – take advantage of the opportunity to streamline your big data strategy and not only meet regulatory requirements, but empower teams across the organisation working with data to become more efficient and scalable.

The author of this blog is Florian Douetteau is co-founder and CEO of Dataiku

About the author:

Florian Douetteau is co-founder and CEO of Dataiku, the maker of the all-in-one data science software platform Dataiku Data Science Studio (DSS), a unique advanced analytics software solution that enables companies to build and deliver their own data products more efficiently.

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

Recent Articles

Spike in use of cloud-based security to protect corporate data

Posted on: July 1, 2020

A new survey of UK security practitioners by Exabeam shows a marked increase in the adoption of cloud-based security tools compared to an earlier study carried out in March prior to the COVID-19 lockdown. The latest data shows 88% of recent respondents said the accelerated move to the cloud was driven by the need to

Read more

Telcos must be cautiously aggressive to ‘Roar out of Recession’

Posted on: June 30, 2020

As we approach four months since essentially the entire world went on lockdown, telcos have gone through a very mixed experience.

Read more