GDPR and Big Data: The Effects One Year Later
Posted: July 3, 2019
In the year that the European Union’s General Data Protection Regulation (GDPR) has been in effect, fines totaling nearly 56 million euros have been imposed. Expectations were high that stricter supervision of the ways companies and organizations within the European Economic Area (the 28 EU countries plus Iceland, Liechtenstein and Norway) handle data, as well as the hefty fines issued when GDPR conditions were breached, would effectively maintain the personal data security of individuals within EU and EEA state borders. And while there’s little doubt that GDPR has encouraged tighter control of data handling, there’s still some debate on whether the punitive measures levied against offenders actually guarantee better control.

This is likely due to GDPR’s lack of clarity regarding how compliance is achieved. There are seven key elements to GDPR, each detailing what companies and organizations must provide regarding the personal data they collect, use and store. However, there are no clear directives for how to execute each one. How to observe the regulations has been left to each organization to determine for itself. The predictable outcome: confusion, with some over-reporting suspected breaches and others failing to report at all.

Of particular concern is how companies and other institutions verify GDPR compliance as they share information internationally with countries outside GDPR jurisdiction. Rather than figure out the process for validating GDPR procedures in these types of situations, many agencies are opting to forgo any type of partnership for fear of being fined if they transfer data in the wrong way. For instance, an EU university wanting to collaborate with an American one now has to anticipate, address and resolve data privacy as mandated by GDPR, even though the United States doesn’t. And the kind of data being shared doesn’t matter, either. Sensitive medical information to be used for a clinical study is no more protected than the findings from online bulletin board research that’s slated to be used in an advertising campaign. Data is data, which Google (a U.S. company) found out when it was fined 50 million euros this past January after a French privacy advocacy group complained that it was not transparent about how data from users was being used and had also failed to adequately gain consent to utilize users’ personal data for targeted advertising.

Unfortunately, inhibited ingenuity might continue to be the real price paid for GDPR compliance — at least until organizations begin incorporating data security measures from the ground up. Too many organizations continue to see GDPR as an impediment, viewing its standards as something to address reactively instead of proactively. GDPR has great potential, but only if organizations can rely more on real-time data analytics and less on long-term data storage, anticipating ways to capture insight, not maintain it.