The General Data Protection Regulation (GDPR) comes into force today and is the biggest shakeup to data protection rules in decades, forcing companies to make significant changes to ensure GDPR compliance.

Organisations are faced with the daunting task of restructuring all of the personal data they possess in a way that can be easily erased, rectified and accessed—all while adhering to robust security standards. Failure to do so threatens maximum fines of €20m or 4% of global annual turnover, whichever is higher. For some of the world’s largest companies, those fines could hypothetically run into the billions.

As well as providing extra data security to individuals, which been a subject of considerable attention in the wake of the Cambridge Analytica scandal, it is creating opportunities for technology companies to provide services that simplify and secure data management.

Technology may have created the need for GDPR, but many are seeing it as the solution.

Automated heavy lifting: AI-driven GDPR compliance

For larger companies, the volume of data involved with GDPR compliance is simply too large for human management, with many organisations spending “20-30% of their IT budget on compliance audit reporting and preparation,” according to Martyn Davies, director at Rocket Software.

One of the upshots of GDPR is that it is driving innovation in artificial intelligence to provide solutions that can tackle this problem. IBM, for example, has developed an automated system that uses a type of AI known as cognitive computing to scan data caches and index findings. It then automatically completes tasks such as user data requests, which is now permissible under the new legislation.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

AI programmes can also save companies much of the heavy lifting by automating the discovery of sensitive data and risk analysis so that any gaps in compliance can be addressed.

Amit Walia, executive vice president and chief product officer at Informatica agrees, saying that “organisations must take a holistic and automated approach to governance and compliance to help maximise the potential opportunity.”

GDPR makes direct reference to automation, stating that an individual has the right to know when and how it is being used to make decisions when processing their data.

However, according to Rainbird AI CEO Ben Taylor, there is quite a bit of misunderstanding around this “right to explanation”.

“GDPR does not define how automated decisions should be made or what constitutes a satisfactory explanation,” he said. “It simply compels companies to reveal how an algorithm works and the type of data it draws on to make determinations.”

GDPR compliance through cybersecurity technology

Under GDPR organisations must ensure they have robust security in place and are required to report certain types of data breaches to the relevant supervisory authority within 72 hours. Article 32 calls for the encryption of personal data, which has created an opportunity for cybersecurity companies to capitalise on this legislation-driven demand.

“Encryption should be applied to all personal data within corporate systems and, even more so, to information stored and saved on media taken outside the business–such as USBs and portable hard drives,” says Jon Fielding Managing Director EMEA of encrypted flash drive provider Apricorn.

To prevent organisations from holding onto data that they no longer need, Article 5 requires personal data to be stored for no longer than is necessary.

Companies are using technology tools such as Cloud B2B to stay ahead of this, which stores data in the cloud and gives them the ability to allocate dates for documents to be destroyed or reviewed.

Compliance with GDPR location and data sovereignty requirements

GDPR’s data residency and sovereignty laws require data to remain in the country of record in order to protect their citizen’s personal information. Cloud-based services—where data is stored in servers around the world and accessed via a network—has globalised what was once a very local process.

Under GDPR, problems can arise depending on where in the world it is stored and who is looking after it.

One way to meet data residency and compliance requirements is giving businesses the ability to assign a geographical storage zone for individual users’ data. This is something that cloud content management platform Box recently launched with Multizone support, which allows customers to store data in a country of choice.

With regards to data sovereignty, it means that a file will always be sited in the country of record, regardless of the location an employee who is accessing it.

Speaking at the Box World Tour in London, Box CEO Aaron Levie said: “In the world of GDPR, in the world of cybersecurity, in the world of increasing regulation, we have to not just keep information inside of our data centre of our company, but in fact we have to protect the flow of information. We have to know if the content leaving the enterprise has personally identifiable data inside of it.”

While technology may provide a solution for managing data under the yoke of GDPR, for some it shouldn’t be considered a silver bullet. Toby Bryans, Principal Consultant, Finance Practice at global technology consultancy DataArt says that company culture and business processes are more important for GDPR compliance.

“Get those right by understanding how you use data and ensuring your business and staff prioritise data privacy,” he said. “Anyone who is selling a system that claims to solve all your GDPR woes is lying. In data protection generally, good IT only helps once you have a good culture and business processes. Without those you will always be in trouble.”

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up