Is technology the answer to GDPR? It certainly provides a partial answer, but not the full one.
Technology is not only a partial answer, it is the question too. The General Data Protection Regulation, to become enforceable in May 2018, was made necessary by technology. Rules such as ‘the right to be forgotten’ or the requirement to report a data breach within 72 hours would have been irrelevant in the pre-internet era.
Technology can be an invaluable tool for obtaining GDPR compliance, but it does not provide the full answer.
According to The International Association of Privacy Professionals (IAPP) and EY Governance Report 2017: “The second most popular tool for GDPR preparation is investing in technology.”
The report stated: “55 per cent of respondents plan to make such investments, compared to just 29 per cent last year. Among privacy team duties, the use of privacy-enhancing software rose to 31 per cent of respondents from 24 per cent in 2016.”
But how can technology help?
IBM focuses on technology providing GDPR solutions in five areas:
- Security – for example, protecting the security and confidentiality of personal data.
- Governance – helping translate GDPR into actions, norms and values.
- Cloud – safeguarding information wherever it resides.
- People, Processes and Communications – training employees on GDPR requirements.
- Data – governing and ensuring the quality of data, and assessing what the data is and what it is being used for.
PwC has developed a framework for evaluating GDPR compliance, comprising the five domains of Govern, Identify, Act, Analyse and Secure. And it breaks each of these five domains down further still:
- Govern is broken down into case management, controls management, privacy compliance systems and training.
- Identify is broken down into data discovery, data mapping and modelling and consent management.
- Act is broken down into data security, data management and data response.
- Analyse is broken down into activity monitoring driven by analytics, omni-channel management and archive management.
- Secure is broken down into network security, applications security and IT infrastructure security.
But technology is not a panacea for GDPR compliance. Furthermore, there is a risk that too much reliance on technology may lead a company to take its eye off the ball.
PwC outlines ways in which it is hard for technology to offer solutions, namely:
- GDPR is complex and open to interpretation, while technology requires rules to operate effectively.
- Not all companies know where all their data is, even though GDPR requires them to manage all their data.
- What they call shadow IT can disperse data across an organisation, making it hard for IT departments to manage it.
- Finding impartial advice on what technology to use is difficult.