Mitigating Impact of Data Quality on GDPR Compliance

For GDPR (General Data Protection Regulation; a short introduction is attached below this article), Data Quality and Data Integrity are not “nice-to-haves”, and the risk cannot be transferred to another party or mitigated by legal contracts. You’ll benefit from mitigating the impact of Data Quality on GDPR compliance by putting these easy checks in place right away.

Your data management Challenges with GDPR

There are multiple authorities who have a say in how data of European citizens, or of European origin, is to be treated. GDPR is the European collective body of all national regulators; it is at the highest level and across the EU. There are also individual National Regulators and Provincial Regulators whose requirements in their geography can often be different and stringent. For example, a provincial regulator in Bavaria will think differently from one in Amsterdam. Scandinavian regulators are flexible with tax data compared to France or Ireland, etc.

Q. Have you figured out how you’ll operationally manage these differences, which translate into subtly different checks for customers in different locations, so as to minimize GDPR violations?

Below are two concrete examples where Data Quality will impact your ability to comply with GDPR.

Managing Consent in GDPR

Per GDPR, consent must be explicit for the data collected and for the purposes it is used for (Article 7; defined in Article 4). Data controllers must be able to prove “consent” (opt-in), and consent may be withdrawn at any time. [2] GDPR-style penalties will apply to wider communications data as well, not just personal data. This covers metadata, location data, device identifiers, cookies, ad tracking and marketing by electronic means (phone, email, SMS, etc.).

Q. Say a customer calls the marketing call center and changes her consent to “do not contact me via email, but phone call is okay.” Will all your systems, including non-marketing ones, reflect that? How will you ensure all systems are updated and in sync at all times? Are you sure you’ll never email her again?

A further complication: validating data for the many, many sub-segments of customers is very complex and error-prone. As an example, consider consent for children: it must be given by the child’s parent or custodian, and it must be verifiable (Article 8). Parental consent for children differs between countries, e.g., Ireland (age <13) vs. France (<16). There are many other differences like these, even between provinces. How certain are you of your data validation checks?

Right to erasure

Article 17 provides that the data subject has the right to request erasure of personal data related to them on any one of a number of grounds including non-compliance with article 6.1 (lawfulness). [3]

Q. If a customer requests on legitimate grounds that their relevant data be erased, will all your systems delete the relevant data?

A record deleted in one system creates “orphan records” in another system, i.e., the same data still exists in some form in other systems. How can you be sure all systems are updated and in sync at all times? We have seen that 10-15% of records in a corporation across all platforms are orphan records, i.e., they don’t have a legitimate reason to exist. Hence, it’s a large GDPR liability for you if such orphan records are found floating in your IT systems.
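One way to turn the two questions above (does a consent change reach every system, and does an erased subject leave orphan records behind) into a repeatable check. This is an added example, not from the original article or from DataBuck; the system names, customer ids and the single consent master keyed by a shared customer id are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data. Assumption: one "consent master" is the system of
# record, and every system shares the same customer id.
CONSENT_MASTER = {
    "c-1001": {"email": False, "phone": True},  # changed via the call center
    "c-1002": {"email": True, "phone": True},
}
ERASED = {"c-1003"}  # erasure request already completed in the master

# Hypothetical per-system snapshots: customer id -> contact-channel flags.
SYSTEMS = {
    "crm": {"c-1001": {"email": False, "phone": True},
            "c-1002": {"email": True, "phone": True}},
    "marketing": {"c-1001": {"email": True, "phone": True},    # stale consent
                  "c-1003": {"email": True, "phone": False}},  # survived erasure
    "billing": {"c-1002": {"email": True},                     # phone flag missing
                "c-1003": {"email": False, "phone": False}},   # survived erasure
}

@dataclass(frozen=True)
class Finding:
    kind: str         # "orphan" or "consent_drift"
    system: str
    customer_id: str
    detail: str

def reconcile(master, erased, systems):
    """Compare every system snapshot against the master and the erasure list."""
    findings = []
    for name, records in sorted(systems.items()):
        for cid, flags in sorted(records.items()):
            if cid in erased:
                findings.append(Finding("orphan", name, cid, "record survives erasure"))
            elif cid not in master:
                findings.append(Finding("orphan", name, cid, "no master record"))
            else:
                for channel, allowed in sorted(master[cid].items()):
                    found = flags.get(channel)  # a missing flag counts as drift
                    if found != allowed:
                        findings.append(Finding("consent_drift", name, cid,
                                                f"{channel}: expected {allowed}, found {found}"))
    return findings

def orphan_rate(findings, systems):
    """Share of all records, across systems, that are orphans."""
    total = sum(len(records) for records in systems.values())
    return sum(f.kind == "orphan" for f in findings) / total if total else 0.0

if __name__ == "__main__":
    for f in reconcile(CONSENT_MASTER, ERASED, SYSTEMS):
        print(f.kind, f.system, f.customer_id, f.detail)
```

A missing channel flag is reported as drift rather than treated as consent, so a system that never received the field cannot silently keep contacting the customer.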

Solution to Mitigating Impact of Data Quality on GDPR Compliance

These issues broadly fall under the Data Quality and Data Integrity area. Data inconsistencies and errors always creep in over time or as data moves between IT systems. Operationalizing data validation checks is tedious and error-prone. Even if you have created data validation checks and put them in place, it’s not practical to manage 100s of validation checks per data source, for 1000s of data sources, over the coming months and years. Many of the validation checks are not valid forever, i.e., they have an expiry date!

With the right tools, like the Gartner and IDC-recognized DataBuck (www.FirstEigen.com/DataBuck), the above challenges can be automatically and autonomously identified before they blow up. It shortens the Data Quality and Data Integrity assurance process from months to just a few days. Powered by AI/ML algorithms, DataBuck learns 75-80% of business rules automatically from the data itself, in just a few clicks, without any coding. It tracks and updates the data validation checks continuously over the years so they are always relevant.

DataBuck users benefit by:

  • Fewer data errors
  • Fewer people to implement (<3)
  • Faster to implement (< 10 days), and
  • Data Quality is quantified and data can be trusted

REFERENCES

[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

[2] “How the Proposed EU Data Protection Regulation Is Creating a Ripple Effect Worldwide”. Judy Schmitt, Florian Stahl. 11 October 2012. Retrieved 3 January 2013. https://www.privacyassociation.org/media/presentations/A12_EU_DP_Regulation_PPT.pdf

[3] https://1essexcourt.wordpress.com/2014/05/15/the-right-to-be-forgotten/

Appendix: Overview of GDPR

The GDPR (Regulation (EU) 2016/679) is a regulation by which Europe intends to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR aims primarily to give control back to EU citizens and residents over their personal data. GDPR extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It also addresses the export of “personal data” outside the EU. Every violation has severe penalties of up to 4% of worldwide turnover. GDPR will go into effect in Europe on May 25th 2018. [1]

According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life.” It can be anything from a name, address, photo, an email address, bank details, posts on social networking websites, medical information, a computer’s IP address, the church you frequent, your philosophical beliefs based on the books you read, etc.
