I admit it, mud in my face: I feel I was only off by about 20 years before all companies become GDPR compliant. Maybe by then I hope I’ve invented true Cognitive AI to remedy all citizens’ personal data at risk, or should I say that Cognitive AI has remedied it.
Let’s undergo a reality check; an architectural check; a people-power expert availability check; a legacy applications and vendors check; a check of potential API exit points in current home-grown and purchased applications; a wall-time check on the latency to digest all corporate data from legacy, laptops, office, big data, IoT and more into a central repository for remediation and catalog / metadata creation; a check on the time to ingest metadata back to legacy and remediate exposed personal data; a check on identifying, writing, applying and testing APIs for Point-of-Sale operations so that non-encrypted and encrypted data can co-exist, communicate and work together in the same ecosystems; a check on the ability to decrypt as little data as possible for analytics, accomplish what’s needed for marketing, pharma and medical studies and predictive analytics, and then re-encrypt personal data; let alone all the other aspects of GDPR, from consent and Right of Erasure to the infamous Indirect Identifiers (this will in itself take months), check.
With five years of design and construction behind BigDataRevealed, it is capable of discovering and protecting personal data found in a company’s environment, and also of addressing many other aspects of GDPR. However, it’s everything else architecturally around GDPR and your ecosystem that may take years to complete before GDPR compliancy can co-exist with your data environment and allow your company to function normally and remain truly GDPR compliant.
I feel the best the EU GDPR Commission can do in a court of law is to argue whether a company has performed a valid and/or solid DPIA and whether it is making strides towards GDPR compliancy. If I were to testify in court, I would suggest that, for any company with large volumes of customer data housed in old legacy systems with a mix of new big data applications, a period of less than 2-5 years would be unrealistic to become GDPR compliant, even with the best of technologies that support the GDPR effort. Hence only companies that are blatantly disregarding GDPR requirements, or intentionally violating GDPR regulations for financial gain, should be fined.
Yes, all this is coming from a person who has spent millions of dollars to build and bring to market a complete GDPR solution with over 200 APIs that can seriously assist most any GDPR compliancy project. Without technology, only brute force using very many technologists over an extended period of time will make it possible to become GDPR compliant.
By utilizing varying APIs from BigDataRevealed or other technologies, companies can quickly begin to encrypt and protect most of the personal data at rest in their environment and control streaming data from IoT, social media and third-party feeds. APIs from BigDataRevealed will also support the use of encrypted data by Point-of-Sale applications, even from older legacy applications.
In all seriousness, expecting a large company with high volumes of disparate data and a mix of operating systems and databases to become GDPR compliant in just a few years is like asking me, at 60 with asthma, to run a 26-mile marathon. Convincing a judge or jury that it is reasonable to accomplish such a task of achieving complete GDPR compliance in less than 3-4 years may not be something the EU GDPR Commission will be able to do.
It’s said 50% of American companies need to be GDPR compliant; that’s 15 million, plus the EU companies and the rest of the world’s companies. According to LinkedIn there are 123,778 people with GDPR in their profiles, and 5,202 in their titles.
Given this shortage of GDPR experts, BigDataRevealed can now become the equivalent of the drone for GDPR projects, fulfilling the needs and gaps left by the shortage, especially with a solid overall architecture and project plan and the use of BigDataRevealed’s 200 GDPR-specific APIs, and at least pick up some of this gaping gap.