Don’t Let an Overly Authoritarian GDPR Approach Drive Users to Go Rogue

As daunting as GDPR can seem, there are also beneficial aspects to it. Most notably, having a single standard across Europe to comply with.

My teenagers recently discovered Pink Floyd’s “The Wall” album. Its anti-authoritarian themes unsurprisingly continue to resonate with new generations of young people.

I’m tempted to tell my kids that with adulthood comes lots of new rules and controls, but I doubt they’d be convinced. In any case, I wouldn’t want to dampen their enthusiasm for rock royalty.

In my world of data and analytics, control and structure are valuable ‘bricks in the wall.’ These elements of data governance help keep data secure, private, trustworthy, even ethical. These bricks became the foundation for the GDPR legislation that went into effect on May 25th.

As daunting as GDPR can seem, there are also beneficial aspects to it. Most notably, having a single standard across Europe to comply with, instead of many different ones moving at different speeds. Even for companies not doing business in Europe just yet, I encourage them to start introducing systems, processes and policies now. Your business will continue to grow, systems will get more complex, and everyone is figuring out what GDPR really means. It will be never be easier to comply than it is today.

A delicate balance

However implementing data governance these days is a delicate balance. A relaxed approach will certainly appeal to libertarian ‘kids’. It could also result in costly fines and reputational damage. But beware of swinging too far in the other direction. An overly draconian strategy can wind up being even more risky, prompting users to find their own technologies and work-arounds.

Risks become greater where younger workers are concerned. According to a report by PwC entitled Millennials at work: Reshaping the workplace, “Millennials expect the technologies that empower their personal lives to also drive communication and innovation in the workplace. Fifty-nine percent said that an employer’s provision of state-of-the art technology was important to them when considering a job, but they habitually use workplace technology alongside their own.” Essentially this means that if you restrict access to data too aggressively these days, you can count on a percentage of your employees to ‘go rogue’ in order to meet their goals.

One size policies and processes do not fit all

When setting GDPR policies and processes, the most important thing to remember is that one size does not fit all. It’s tempting to replicate other companies’ practices, but the ones you read about most are the Ubers and Facebooks of the world whose main “product” is personal data.  Striking the optimal balance between control and autonomy depends very much on your business model, internal risk strategy, stakeholders and customers. I urge you to take the time to peruse the legislation and interrogate key stakeholders in every part of the business it impacts. Whatever you do, don’t rely solely on advice in articles and blogs from me or anyone else!

Fortunately when it comes to choosing the right analytics system to support GDPR, you no longer have to choose from two problematic extremes. Modern application architectures give users a high-control experience, while governing data appropriately behind the scenes. Google is the perfect example: it gives users the experience of total freedom to search on anything, but sophisticated algorithms are continually tuned in the background to curate the answers it serves up. This is partly to prevent people and organisations from gaming the system and gaining unfair advantage.

GDPR and Algorithmic Transparency

Modern analytics applications are taking this further by giving business users Google-like freedom to search on corporate data but providing transparency to show how answers are generated. This is particularly important in cases of, say an insurance company whose agents are obliged to explain to customers how premium rises are calculated.

GDPR will make it increasingly necessary for organisations to provide algorithmic transparency to consumers, or ‘data subjects’. Different parts of the GDPR legislation cover peoples’ right to know how their data is being used. Crucially, where automated decision-making is concerned, data subjects have the right to access “meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.”

This transparency is also important to ensure that all internal stakeholders using an analytics system gain trust in it by understanding exactly how it makes decisions. Excel endures in the enterprise despite being a relatively crude, archaic tool that propagates siloed, subjective data because, if nothing else, it’s completely transparent. Users know exactly how it arrives at its calculations. The only way to wean people off Excel to more powerful, enterprise-scale analytics tools is to retain that transparency.

There’s no escaping the fact that you’ll need to invest some time and resources making sure your policies and processes are tailored to meet the needs of your business. Fortunately, modern business intelligence and analytics systems are addressing issues relating to good data governance and providing transparency essential to GDPR compliance directly in the architecture. This means buyers are no longer faced with two stark options: the anarchy of Excel ‘hell’ and over-authoritarian, complex tools that drive the kids away.

Originally posted by Computer Business Review