How changes in data regulations have inspired a digital revolution
In 1989, when Tim Berners-Lee sent a memo to his boss with the suggestion of a system which fellow scientists could use for sharing general information, he had no way of knowing the ways in which it would grow and whether it would ever even come into being. In fact, initially, his boss was not even invested in the idea, saying that it was exciting but also vague. Instead of waiting for boss to become invested in the project, in 1990, Berners-Lee took it into his own hands and started writing the code for the World Wide Web.
Thirty years on, the original purpose of the World Wide Web has shifted and developed to meet the needs of the growing proportion of the population who have access to the internet. Simultaneously, the dangers associated with the WWW, such as cyber security and privacy, have also increased, as a result of the sharing and storing of data online by both individuals and businesses alike. This increase in data shared by individuals with firms, presents a real challenge to the firms for which, data plays a large part in their activities. The main challenges that firms face include, data loss, data theft, targeted attacks and data breaches.
As a result of contemporary discussion on data and privacy, there is a significant issue of how firms can securely manage the information they hold and to what extent is holding information ethical. In order to present clearer guidelines relating to use of individuals’ data, in April 2016 , the General Data Protection Regulation was adopted by the EU and by May 2018 the act was enforceable. It sets out principles for the lawful collection, organisation, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure or destruction of personal data. However we must consider that not all firms are affected equally by these regulations.
Those whose business activities require a large amount of data will face far greater challengers as to how to navigate them effectively. When in 2018, Thomson-Reuters carried out a survey across 9 countries they found that 79% of firms had found it more difficult to meet Data Privacy Regulation since GDPR took effect, compared to 72% of firms in the last survey they carried out pre-GDPR in 2017. The main issues complying with GDPR that they describe include having difficulty keeping up with fast-changing data privacy regulations and many businesses finding GDPR compliance more difficult than expected.
Fortunately for these firms who might struggle, the World Economic Forum says that ‘rising concerns around data privacy can drive a welcome revolution in today’s data economy’. These tech movements they refer to focus on: ‘design with people in mind, design for trust and accountability, aim for better social outcomes, achieve sustainable growth’. In order to comply with data use regulation, many firms would benefit from seizing the opportunities provided to them through tech. solutions and automating their data protection processes. By replacing their manual labour and eliminating the possibility human error, firms would greatly reduce the risks associated with processing data.
Of course, the first step in automating data protection processes is actually identifying all personal data used and stored across the firm and the GDPR report suggests that firms could use tech systems to do this much more quickly and efficiently that manual labour could. In April 2018, three quarters of SMEs still had paper records containing confidential customer information. I would suggest that digitisation of these is a significant example of a challenge that could actually present an opportunity to become more efficient.
Opportunities such as cloud services are simple, easy to manage and low cost, make data analysis much easier and therefore help a firm operate much more efficiently. However we must consider whether cloud platforms create additional unnecessary risks to firms compared to traditional storage methods. For example, in recent years there have been cases of confiential cloud content being leaked, such as the Dropbox case in which 60 million password were leaked. So there is no doubt that using these systems could actually make firms more vulnerable.
When discussing the use of confidential data, we must of course consider who should have access to it. A key part of GDPR is the right of data portability-essentially a firm must be able to provide individuals with a copy of their personal data that they hold. In addition to firms manage access to data for their customers, it will also be important to manage access to the data internally. Some sources say that as many as 25% of data breaches are ‘caused by careless, negligent or malicious insiders with legitimate access to systems’. One tech movement which provides an opportunity for firms to overcome this issue is scanning solutions.
Another digital technology which could reduce the risk surrounding data is a system which detects and analyses past, current and potential privacy threats. Terbium Labs uses a unique formula to detect when confidential information has been breached or trafficked on the web, including the dark web and even social media. Their method means that they can search for breaches without actually accessing personal data- ‘enabling both the company and customer data to remain private and secure’
To summarise, it is evident that GDPR has posed serious challenges to the firms for whom data is a daily part of their jobs BUT the digital revolution that has developed as a result of these struggles is helping firms overcome these challenges by using digital technologies to simplify tedious tasks so that workers can use their time better more effectively while reducing the dangers of data processing. However, as these technologies develop, it will be interesting to see whether they start to create challenges of their own.
