Businesses are continuously striving to leverage data-driven insights or competitive intelligence, the concept of developing an organizational “data culture” will gain prominence. Data and data analytics will continue to play key roles in global businesses of the future.

According to the article Why Data Culture Matters: “Organizational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.” Data culture being an integral part of the organizational culture can “neither be imported nor imposed.” It has to develop organically within an organization.

This being said, the question of consumer privacy has been at the forefront of discussions, especially when technology platforms like data lakes started facilitating easy access to both structured and unstructured data. Data consumers increasingly grew suspicious of businesses knowing too much about them through their personal and social data, which gave rise to a silent friction between enterprise IT and consumers.

With the growing number of data channels — like mobile, social, web, and offline — the privacy challenge is monstrous and with a little data breach here and there, the problem can suddenly trigger a worldwide consumer revolution. No, consumer privacy is not something that can be taken lightly; it’s about the rights of billions of consumers all over the globe.

Advanced Data Management activities like Data Strategy, Data Stewardship, Data Governance have reduced cyber threats or inside attacks for global businesses, but have they been able to make consumers happy?

By avoiding or neglecting consumer privacy rights, businesses risk big penalties and loss of business reputation. Google lost face after being fined GBP 44 million for breaching GDPR laws. So, What is a Data Protection Impact Assessment and Why Should Organizations Care? looks at the Data Processing Impact Assessment or DPIA, which surveys the data protection rights from the point of view of the data subjects. The data controller is always the one responsible for conducting the DPIA to assess the risks involved in granting rights and freedom to the data subjects.

Regulations to Govern Consumer Data Privacy Rights  

Businesses must rely on data, especially now with the emergence of smarter technologies to manage data every day. The flip side of the data story is data protection, which has become an increasing concern of businesses following several high-profile incidents of data beaches.

Although all business data need to be protected from misuse or theft, consumer data has special status in the data-privacy world. Businesses absolutely cannot compromise the personal data of consumers or they may risk losing their businesses altogether.

Implementation of stringent data protection laws was long overdue. With a firm eye on the privacy issues surrounding consumer data, the European Union (EU) launched the General Data Protection Regulation (GDPR) laws in mid-2018. GDPR set standards for data collection, data sharing, and data analysis, failing which, European businesses face harsh financial penalties as well as loss of business reputation. GDPR is designed to protect the EU citizens’ privacy rights.

The general sentiment was that GDPR paved the way for consumer’s right to privacy in European nations, but the United States should also come up with their own version of consumer-privacy law to protect both U.S. and global consumers.

Closely related to GDPR is the position of a data protection officer, (DPO), a necessary addition to all business setups to avoid non-compliance lawsuits or stiff penalties. In fact, GDPR enforces hiring a DPO to protect the data privacy issues in data management processes. The DPO is expected to be an authority on GDPR laws.

California passed the California Consumer Privacy Act (CCPA) in September 2018, which will go into effect January 2020. The CCPA triggered the creation of similar laws or acts in at least 16 other states. GDPR and CCPA provide consumers’ right to know what types of information businesses collect about them, their children, and through which devices. Although the basic objectives of both the privacy laws are similar, the assumption that compliance with one grants compliance with the other is absolutely wrong.

The general belief is that as more countries and U.S. states create their own versions of data-privacy laws, more and more regulations may evolve in the future. If businesses breach any of the data-privacy laws active in their local region, they will face harsh penalties.

Initial Business Reponses to the Idea of a GDPR

The initial reactions to the idea of a GDPR were quite negative, as evidenced in this Financier Worldwide article. A study conducted by Ipswitch indicated that back in 2015, over 77 percent of British companies viewed GDPR as a major hurdle. In 2016, a published Finnish report indicated Finnish companies that lacked knowledge about extracting value from data, and complying with data regulations was a hindrance to achieving Big Data benefits. Nonetheless, by the time GDPR was implemented in mid-2018, the EU managed to convince the EU business owners and operators that GDPR was conceived to benefit businesses through information management. 

Smart Data Discovery Enabling Data Regulation

To remain compliant in this increasingly regulation-driven landscape, business owners and operators need automated solutions. Smart data discovery is an advanced data-exploration capability that helps all types of business users to remain data compliant. The smart data discovery platform enables full compliance with data regulations through an AI-driven data catalog displaying data flow, data redundancies, and sensitive data. As a DZone article indicates, it is imperative that all U.S.-based businesses implement a smart data discovery strategy before the year 2020 and CCPA set in. 

One of the biggest benefits of smart data discovery platforms is that they will empower citizen data scientists with tools to prepare data, analyze data, and share data without the risk of breaching any data-privacy laws or acts. This will certainly be a welcome change from days when the average business user had to depend on the support of an IT or Data Science department staff to conduct advanced data analytics tasks.

Smart data discovery empowers the citizen data scientist with tools to analyze data and generate reports without having any technical skills, and without violating any data privacy laws. On the flip side, smart data discovery frees up valuable work time for actual data scientists who were bogged down with the routine data preparation tasks that are now automated by smart tools.

Some data discovery tools, complaint with CCPA, use machine learning algorithms to trace what the law refers to as “personally identifiable information,” or PII. The law seeks to identify “personal data” stored in “business databases, data warehouses, data lakes, or in the cloud.”

Gartner announced that by 2018:

“Smart, governed, Hadoop-based, search-based and visual-based data discovery will converge into a single set of next-generation data discovery capabilities as components of a modern business intelligence and analytics platform.”

So here comes smart data discovery to prepare business operators for an era of strictly governed Data Management activities. In another article, the author differentiates between the requirements of HIPAA, the current personal data protection laws operative in the healthcare industry, and the requirements of GDPR.

Image used under license from Shutterstock.com