How much Say do You have on the Collection of Your Own Data?

Manipal ProLearn recently conducted a webinar on the General Data Protection Regulations in the wake of the rising incidents of data breaches and cybersecurity concerns. Presented by Felix Mohan, the Chief Executive Officer of CISO Cybersecurity, the webinar covered elements like the process, culture and technology associated with GDPR.

Data profiling

Felix began by establishing that most companies today focus on getting into the skin of their customers. And what better way to do that than understand their preferences and collect personal data about them? When they collect personal data about you, they get to know who you are, the kind of person you are and your likes as well as dislikes. This data analysis gives them the advantage of crafting specific messages aimed at influencing your thoughts and behaviour. Remember the infamous Donald Trump campaign by Cambridge Analytica?  Yes, that’s a result of careful study of consumer data and behaviour, and we all know what it resulted in. That’s the power of data science!

As per IBM CEO Survey, 95% of CEOs stated that delivering great customer experience was the topmost business priority for realizing their strategy in the next five years. This is where digital transformation comes into the picture, which is all about delivering great customer experience. And how do you ensure your customer has an enjoyable experience? By collecting and studying relevant data about them to customize their experience.

The problem

Now, the quantity of personal data being collected is spiralling rapidly and it won’t be incorrect to say that it is going out of control. Naturally, data owners are worried about the unbridled collection of their information and they are demanding protection for their privacy. Increased processing of data is leading to unlawful storage, abuse and unauthorized disclosure of personal data, which is also a violation of human rights. Protection of privacy is of the utmost importance presently. Data owner’s consent plays an important part in ensuring the lawful processing of information, which includes factors like:

Risk management

GDPR has effectively incorporated a risk-based approach to data protection. It mandates organizations to assess the likelihood and severity of the risk of their personal data processing operations to the fundamental rights and freedom of data subjects. Data protection has to be aligned with the level of risk that the personal data processing operations pose to the fundamental rights and freedom of the subjects. The risk levels can be categorized into three broad buckets:

Organizational measures

The organizational measures taken to address these concerns can also be divided into three categories, namely:

• Data processing control
• Communication
• Data subject’s rights

Data processing control takes care of conducting privacy impact analysis, preparing for cross border transfers, training employees and creating awareness about the concept, and lastly establishing roles and responsibilities for GDPR. Communication further takes care of appointing a Data Protection Officer, publishing the privacy policy and statement, and establishing cross-functional governance board for GDPR among others. The last component associated with data subject’s rights takes care of implementing procedures for handling data subjects requests, implementing data processor agreements and implementing privacy by design within the organization.

Data is the way forward, but accessing personal data also comes with a sense of responsibility and accountability, which companies need to follow. Want to know more about the righteous way of using data? Why not begin with ProLearn’s free analytics course?