Assessing the impact of GDPR on traditional data management practices
GDPR changed the way organizations across the world think about, store and handle data. Approaches that were once “cut and dry” now have greater complexities as organizations aim to stay compliant while adopting new practices such as machine learning and artificial intelligence.
With privacy entering the public discourse and new privacy laws and regulations such as the California Consumer Privacy Act (CCPA) being enacted, organizations, and most importantly data science teams, need to constantly reevaluate their practices.
As this new wave of data awareness sweeps through the industry, what are some of the biggest changes that have impacted traditional data management practices?
GDPR’s requirement of data transparency causes major hurdles for data science teams - especially for machine learning applications. The challenge is that most accurate ML models typically employ deep learning and deep neural networks that are operationally opaque.
While the ideal ML application should work in the background and not be “seen,” being able to explain how the data is used and how results can be determined often requires data science teams to rethink the algorithms and the training data to ensure compliance with data protection and privacy obligations.
Under GDPR, organizations need to be aware of the volume of data they keep and continuously review with an eye to reduce the amount of data they hold. To adhere to data protection and privacy obligations, they must also identify what personal information they hold and what purpose, if any, this data continues to serve for the organization.
Over the next few years, organizations that do not revise their internal data retention processes (as well as policies) to reduce the overall data held, and by extension, the data that is backed up, archived, and maintained, risk huge fines for non-compliance as well as the resulting impacts associated with a potential data breach.
Additionally, as organizations undergo digital transformation, the sharing of data across the enterprize has become a critical step in a project’s success. This is especially true as teams adopt DevOps mentalities and Agile methodologies for their work. Nevertheless, while this free flow of data creates efficiencies and accelerates the velocity of data, it also opens new risks for data misuse and loss.
Since GDPR was enacted, risk and compliance issues for privacy remain at the top of the agenda for all organizations. While the initial work to achieve GDPR compliance may have been outlined and established, organizations need to continuously improve their efforts in this area while juggling other impending regulations locally and around the globe.
By being aware of the state of regulatory issues, teams will be able to continue to be innovative with how they use underlying data while still having the processes in place to remain compliant. This will become increasingly complex as more regulations are enacted, making it critical to stay current in an effort to protect business-critical data, while being ready for an audit at any moment.