How are the new GDPR privacy regulations going to affect companies’ Big Data?

Here at Bismart, we want to help our clients get as much value out of their data as possible. That’s why we can’t ignore the fact that companies working with big data are going to face major changes starting in April 2018, when the European Union’s new GDPR (General Data Protection Regulation) comes into effect. These regulatory policies will lead to huge changes in how companies collect and manage European citizens’ personal data.

Companies must be aware of the major changes that are in store with the new GDPR regulations. As providers of technological solutions, we’ll help our clients ensure they are in compliance with how they use data.

The sanctions for failing to comply with the new regulations are not to be taken lightly. Fines may be imposed of up to 4% of your annual turnover or up to 20 million euros (as a maximum, in both cases), depending on the severity of the situation.  

When it comes to Big Data solutions, users’ data isn’t always obtained in a voluntary way, and the user may not even be aware of it happening.There are new types of data, which are classified as observed data, derived data, and inferred data. Where does this data come from? It can come from sources that can be publicly accessed, like sensors (IoT), cookies, and can also be generated by machine learning algorithms and analytical methods.

Regardless of the complexity of the analyses they conduct, all companies must comply with the new European rules for data protection. If we use consent or legitimate interests as a legal basis for the use of personal data for Big Data analysis, we must comply with all the conditions established in the GDPR.

It may be particularly difficult to comply with the new requirements regarding minimization and data retention. That’s why companies that do large analyses of data must clearly define the objectives of their analyses right from the beginning. They must also guarantee that the personal data collected isn’t excessive and is relevant to those objectives.

At this point in time, what do we recommend our clients do?

  • Start by developing a process to evaluate the impact of privacy on your big data projects to help identify the privacy risks and deal with them appropriately.
  • Anonymize personal data when such information isn’t required for the analysis being conducted.
  • Adopt a focus on privacy by design when developing and conducting data analyses.
  • Be transparent as to how data will be used in big data analysis, and add in privacy notices at the appropriate stages in a big data collection project.
  • Develop ethical guidelines that reinforce the key principles of data protection.
  • Implement internal and external audits of machine learning algorithms to verify if there is any bias, discrimination, or error.

In any case, this data transformation must be undertaken with caution in order to guarantee that clients’ data conforms with regulations. Both precision and quality of data are crucial to any Big Data project. If any Big Data analyses are conducted on inexact information, machine learning algorithms could make mistaken or unwarranted conclusions.

This is a complex topic, and to ensure that the transition to complying with the new regulation goes smoothly, companies should seek legal and technical advice as soon as possible. While we do not provide legal advice, we’re here for you when it comes to the technical side. If you’re considering making a change to your Big Data practices or require new projects as a result of the new regulation, and want to meet the new challenges head on right from the start, you can count on us.

Questions about the technical requirements of the GDPR regulations? Get in touch with us.

LEAVE A COMMENT