GDPR and data regulation in the EU and beyond
The GDPR focuses on the individual rights of EU Citizens concerning their personal identifiable information (“PII”) and establishes data protection principles (“Principles”) over how this PII is managed by whoever holds and uses it.
The principles are effectively an EU wide mandate to restrict how businesses and organisations gather and use information on individuals, as well as increasing the pressure to improve safe-guards when it comes to data handling and protection.
In today’s connected world, wherever data is held, there is always a risk of processing errors or loss of data. This risk occurs whatever the form, or content, of the data.
The GDPR widens the definition of PII, significantly increases the rights of individuals and places greater strategic responsibility on those who decide how and why the data is to be used (aka Data Controllers), and greater operational responsibility on those who process the data (aka Data Processors).
It is not just in the EU where this new regulation is having an impact. Businesses outside of the bloc, like those headquartered in the US, that do business in the EU and hold information on its citizens are also required to comply with GDPR.
This upcoming change is being taken very seriously by large-multinational corporations, particularly in the US, with research by PwC revealing that more than half of US based multinational businesses view GDPR compliance as their top priority.
The same research also found that more than three quarters (77%) are planning to spend at least $1m ensuring they meet the requirement of GDPR.
Despite the Brexit vote, GDPR will play a significant part in future data protection in the UK with a newly unveiled Data Protection Bill ensuring GDPR is implemented essentially in its entirety into UK law.
Even if this was not the case, UK companies that do business with EU citizens, would still be significantly impacted by GDPR, just like Companies all over the world who trade in the EU, and hold information on its citizens.
The rest of the world is taking considerable note of the penalties of failing to comply with GDPR, which could be as high as 4% of annual global turnover or up to €20m, whichever is higher. Jurisdiction issues may at first appear to provide a haven but the presence of assets, like subsidiaries, within the EU make the threat of these penalties real.
To put the new penalty regime into context, a US headquartered company like Apple with worldwide revenues of $216bn could, in certain circumstances, face a fine up to $8.6bn.
Ethical use of data
Businesses all over the world which sit on a goldmine of personal data, which can be exploited to their commercial advantage, using ever improving data analytics technology, now need to consider the ethical use of data.
GDPR has brought this into focus, particularly where this involves EU citizens. With more businesses operating across borders, this new law will likely increase standards of data protection across the world. It may become a benchmark for individual nations to further develop their own data protection laws and regulations. In the meantime GDPR will be one of the biggest challenges to businesses operating globally for decades.
Individuals rights like the right to be forgotten, the right to be informed, the right of access, the right to restrict processing, amongst others, have been enhanced under GDPR, so it is worth re-visiting your procedures to make sure you’re protected.
Even if your business is not headquartered in the EU, if you wish to trade and hold information on EU citizens, your approach to GDPR must soon become part of your IT strategy.
Ian Smith, Financial Director & General Manager of Invu
SAS: Improving the British Army’s decision making with data
SAS’ long-standing relationship with the British Army is built on mutual respect and grounded by a reciprocal understanding of each others’ capabilities, strengths, and weaknesses. Roderick Crawford, VP and Country GM for SAS UKI, states that the company’s thorough grasp of the defence sector makes it an ideal partner for the Army as it undergoes its own digital transformation.
“Major General Jon Cole told us that he wanted to enable better, faster decision-making in order to improve operational efficiency,” he explains. Therefore, SAS’ task was to help the British Army realise the “significant potential” of data through the use of artificial intelligence (AI) to automate tasks and conduct complex analysis.
In 2020, the Army invested in the SAS ‘Viya platform’ as an overture to embarking on its new digital roadmap. The goal was to deliver a new way of working that enabled agility, flexibility, faster deployment, and reduced risk and cost: “SAS put a commercial framework in place to free the Army of limits in terms of their access to our tech capabilities.”
Doing so was important not just in terms of facilitating faster innovation but also, in Crawford’s words, to “connect the unconnected.” This means structuring data in a simultaneously secure and accessible manner for all skill levels, from analysts to data engineers and military commanders. The result is that analytics and decision-making that drives innovation and increases collaboration.
Crawford also highlights the importance of the SAS platform’s open nature, “General Cole was very clear that the Army wanted a way to work with other data and analytics tools such as Python. We allow them to do that, but with improved governance and faster delivery capabilities.”
SAS realises that collaboration is at the heart of a strong partnership and has been closely developing a long-term roadmap with the Army. “Although we're separate organisations, we come together to work effectively as one,” says Crawford. “Companies usually find it very easy to partner with SAS because we're a very open, honest, and people-based business by nature.”
With digital technology itself changing with great regularity, it’s safe to imagine that SAS’ own relationship with the Army will become even closer and more diverse. As SAS assists it in enhancing its operational readiness and providing its commanders with a secure view of key data points, Crawford is certain that the company will have a continually valuable role to play.
“As warfare moves into what we might call ‘the grey-zone’, the need to understand, decide, and act on complex information streams and diverse sources has never been more important. AI, computer vision and natural language processing are technologies that we hope to exploit over the next three to five years in conjunction with the Army.”
Fundamentally, data analytics is a tool for gaining valuable insights and expediting the delivery of outcomes. The goal of the two parties’ partnership, concludes Crawford, will be to reach the point where both access to data and decision-making can be performed qualitatively and in real-time.
“SAS is absolutely delighted to have this relationship with the British Army, and across the MOD. It’s a great privilege to be part of the armed forces covenant.”