In a recent meeting, Karl Fontanari from CNA International had the opportunity of discussing the General Data Protection Regulation (GDPR), based on 10 questions, with Professor Jacqui Taylor, who is an acknowledged expert lead for the British Standards Institute (BSI).
1. Why do you think so few companies have started to prepare?
JT – A number of factors, such as: this is regulation rather than legislation and is not aligned to a particular sector, and therefore has no specific vertical relevance, such as Finance, Health, etc. The expectation is that each sector will form a view of the change that needs to be compliant.
2. What could be done by the ICO and others to increase awareness?
JT – Tricky area. The ICO has kept a running brief, and they have kept us up to date as expected. However, content for most digital business is consumed from media/social media rather than through trade associations or business networks. Media/social media content in our web world is short-lived, e.g. Twitter 18 mins, YouTube 4 hours. However, this regulation, which allows for a more flexible approach than legislation would, is in my view an opportunity to create new business and commercial models.
3. What is happening in other EU countries and have any mandated this law yet?
JT – It will be mandated, and therefore can be enforced as a regulation from 25th May 2018.
4. Which industry sectors will be the most affected?
JT – It crosses all industry sectors. It focuses in on personal data and introduces a duty of care. Currently, data in our information economy is used as an exhaust function and governance of the use of data is not carried out in the same way by individual organisations, even within a sector.
5. What should any organisation start to do first?
JT – The primary start point is around the governance of your organisation’s data and knowing what data governance is in place now. This is the start of any organisation’s preparations for GDPR. Existing governance arrangements for DPA need to be understood and a transition to the new arrangements put in place.
6. How does a company then prove they are compliant?
JT – We have approached this that a demonstration of compliance is necessary. It is important that this is done for the entire data value chain in an organisation in order to understand the data which needs to be GDPR compliant. At FlyingBinary we have built a GDPR service for Health and we have included a full audit trail capability with an analytics front end to demonstrate compliance.
Although the transition to GDPR can have some manual components, it is hard to see how this will be sufficient after May 2018 to support the ongoing data governance requirements. We believe that technology will be needed to demonstrate compliance.
7. Will this regulation also become a BSI/ISO standard?
JT – I have written the BSI standard on the sharing of data and IT services in Smart Cities which includes a decision-making framework for GDPR. This is the first sector in Europe to be enabled for GDPR. Essentially this recommends a maturing of the data governance agenda.
8. What do you think will happen on the 25th May 2018?
JT – For many, it will be just another day as all the preparation will be done. The new focus for those organisations will be to maximise the commercial value of their data governance approach created for GDPR.
Based on our research only 8% of the people in an organisation are empowered in an appropriate governance model. This requires a mindset as well as cultural change with regard to data governance. Fundamentally this regulation is about best practice for data being used in Europe.
9. The DPO is mentioned a lot; what are your views and thoughts?
JT – I can understand that organisations would want to appoint a DPO to oversee the transition for GDPR, but everyone in an organisation should be accountable for this change. A new governance strategy should ensure that this is a change which involves the whole organisation, not just a single individual.
10. Is this for the better or for the worse?
JT – For the better, absolutely. Using personal data without regard for the potential harm it can do is wrong. As we approach the Technology Singularity we need to have a more mature approach to data and particularly personal data.
GDPR is this enabler. Information is a huge and powerful capability for all organisations as we move towards the Internet of Things (IoT). At FlyingBinary we have shown 60x return on investment for our IoT deployments. GDPR can be the groundwork for these new IoT governance models and should form the basis for any organisation’s strategic roadmap.
Professor Jacqui Taylor – Personal Profile 2017
Jacqui is recognised as one of the 100 most powerful UK entrepreneurs and has been awarded an Honorary Doctorate of Science in recognition of her IoT work.
After implementing a banking regulatory change programme with Web 3.0 tools, she co-founded FlyingBinary, a web science company which changes the world with data and one of the original 250 TechCity companies. She is a high-profile mentor in the world’s number one digital hub, Tech City. Jacqui mentors Founders specifically to accelerate their technology and funding options for growth.
An appointment for the third year as an Independent Ministerial Advisor in the Cabinet Office of H.M. Government recognised her as a web scientist of influence in the era of Big Data and the Internet of Things (IoT). Her company FlyingBinary has been recognised with an IoT international techtrailblazer award. She is personally recognised as one of the UK’s most influential Women in Tech, one of the 34 IoT Influencers on Twitter and one of the 20 global entrepreneurs to watch as part of #GEW2016.
Jacqui collaborated with data journalism thought leaders to produce her fourth publication, a new PhD primer for journalism using her web science work which connects 34 million citizens across the web. She has articulated the global future of the data journalism industry, which she co-founded. As a prominent leader in the Digital Enlightenment Forum, Jacqui contributed a chapter to the European Yearbook and presented a new Trust and Privacy model which will underpin the Future of IoT in Europe. As a Visiting Professor at LSBU she is articulating the contribution of the Internet of Things to the New and Convergent Media domains.
Her company has been successfully awarded all nine frameworks under H.M. Government’s industry-leading cloud initiative, G-Cloud, and is recognised as one of the 100 UK companies transforming government using GovTech. FlyingBinary’s latest innovations are underpinning Secured European Cloud Services for Big Data and IoT, which implement GDPR and have no reliance on Privacy Shield arrangements.
She is an expert lead for the British Standards Institute (BSI) team with international colleagues on the top level ISO Technical Committee and is the editor for two ISO Smart City standards. As the technical author for the latest British Standards Institute Smart City standard, she has articulated the future role of IoT data and services and their value in the domain.