Since companies have been unsuccessful in protecting the privacy of consumer data entrusted to them, regulators began implementing privacy rules like GDPR

Because companies have been unsuccessful in protecting the privacy of consumer data entrusted to them, regulators have begun implementing privacy rules like GDPR (the European Union’s General Data Protection Regulation) to ensure consumer protection. The old way of devising a program that uses incremental adjustments to data protection mechanisms already in place will be insufficient to meet the requirements of these regulations. The purpose of this writing is to share some of the attributes of the solution required to meet the scrutiny of regulators as defined in GDPR.

The major factors that need to be included in a sound data privacy program are as follows:

  1. The underlying environment used for protecting data must be able to handle a plethora of data formats and structures.  Many companies utilize the big data environment for this purpose because it is well suited to handling a variety of data formats and structures.  However, the big data environment introduces additional security issues that the privacy assurance environment must address to be effective.
  2. Those intent on maliciously accessing your data will come up with ways to access it that you have not thought of.  Building walls around your data, particularly when it flows within your environment, to cloud-hosted environments, and to platforms augmenting your environment, is extremely difficult, if possible at all, and requires a sound foundation that cannot be achieved by bolting additions onto existing environments.
  3. Selecting an expert to help you steer clear of solutions fraught with risk is a sound approach.  The expert will most likely augment your environment with additional tools and techniques devised to identify where privacy data is housed, derive a mechanism for protecting that data, which will most likely include some encryption mechanism, and define a series of software solutions that access encrypted data without exposing the encryption methods and keys to would-be hackers.
  4. Learn from the mistakes made by others in attempting to protect their data from would-be hackers.  It would be prudent to study the well-publicized writings about the direction of the pure digital companies (Facebook, Google, Netflix, etc.) and the more recent data breaches (Equifax, Marriott, Wells Fargo), and to ensure that your end solution avoids the same rabbit holes they went down. If your industry has trade associations that spotlight data privacy assurance as one of its discussion groups, participating in that group will be a prudent method of uncovering the issues you have not previously thought of.

Data privacy is critical to your organization's participation in the digital economy and should be treated as a cost of doing business. Your digital presence counts on the availability of consumer data, and because companies have been unwilling or unable to devise the original strategies necessary to assure protection of the data harvested from consumers, regulators have found it necessary to augment fines for those who continue to band-aid insufficiently thought-out approaches.  Whether you are motivated by the fear of fines augmented by regulators or by the fear of losing the ability to harvest consumer data, it is time to take the design and implementation of a holistic approach to assuring consumer data privacy seriously.

BigDataRevealed was organized originally to shore up the deficiencies in the big data environment with respect to easily identifying the contents of the big data environment and being able to derive analytics against this environment without significant amounts of coding.  We have found that this approach fits ideally with the requirements of privacy assurance programs like GDPR and have augmented our big data metadata-catalog with the capabilities to protect consumer privacy data more easily than other approaches.  We look forward to sharing with you our approach and why we believe that there is little alternative to using our approach or something similar.

Contact us at 847-440-4439

#GDPR #Facebook #Data #Privacy #Protection #PII #Data Protection #AWS #AWS S3 #Azure #Hadoop #Apache



