To get there, the regulation makes multiple demands, and a lot of literature has already been published on this subject.
Collected data must be proportional to the planned use, which has been expressed openly and fairly to the Internet user.
This requires strong cooperation between various departments. Collecting departments may be far away from using departments. This cooperation must start at the initial point and time of collection, respecting the Internet user so that he/she understands the usage and the methods applied. Similarly, the collected data has a declared time frame and must be destroyed after this period. Here again, this calls for tight coordination between departments. This is the result of an organisational culture that respects its various stakeholders.
Similarly, it will not be possible to collect personal data “for the sake of it” without bringing the various departments (Legal, IT, marketing and sales) into the loop beforehand.
A very sensitive point is the question of data portability and data erasure, which are explicit points of the regulation.
In order to be able to return to the Internet user the whole of his/her data (btw Facebook and other GAFA can do this today), either to destroy it or to transfer it to another player, the IT architecture needs to be very clear and homogeneous, ideally in a single unified database. This is not the way organisations usually operate. Through their history, they have accumulated systems that are partly or totally siloed, because these were easier and more cost-effective to deploy or because that was the technology available at the time.
One of the heavy tasks within the project is the audit of where the personal data is, how to rationalise it and how to potentially destroy it upon request. This will be a lengthy and costly process. Companies will probably frown at this expenditure. This is a real short-term (spend) vs. long-term (customer’s trust) debate. The lawmaker has favoured the long term.
This article was written on 19 Oct 2017, and is filed under Point of View.