The EU’s new General Data Protection Regulation comes into effect on May 25, 2018. The preliminary draft of the complete revision of the Federal Act on Data Protection (FADP) has already been published. In both cases, compliance duties and sanctions for non-compliance will be increased. From a technical vantage point, Knowledge Management not only increases innovation, but is also useful in meeting the regulatory duties and minimizing risk. How do you combine the unpleasant with the useful?
Knowledge Management
A Knowledge Management system that provides an overview of aggregate data and its content streamlines compliance with data protection regulation. Data referring to a person is identified more quickly and classified into the appropriate category; for example, relevancy to the business. Not only is the duty of disclosure met more easily, but corrections and deletions are easier to execute. Private and confidential data unintentionally entering business infrastructure through various ways can be identified and will be disposed of as though it were toxic waste.
Identity Management
Identity Management will be a key factor alongside Knowledge Management. It is the basis of pseudonymization and Privacy by Design. State-of-the-art identification uses surnames or email addresses containing name components. If they are linked to relevancy to the business data, deletion is difficult or even impossible. In practice, there are countless authentication mechanisms besides Single-Sign-On (SSO) that all too quickly become challenging to manage.
Data economy, Data Policy, Data Regulation
At the SwissHoldings event ‘Datenwirtschaft, Datenpolitik, Datenregulierung’ on January 30, 2017, three panels comprising corporate and government representatives discussed future data protection regulation. The audience heard numerous controversial statements. This is common at this stage of a legislative project. We agree that innovation must not be impeded. However, in view of the steep sanctions and obligations to combine data, we are concerned because that is what Big Data and Machine Learning is all about. The resulting innovation is difficult to grasp through conventional patterns of thought. That informational self-determination will be valued more highly is to be welcomed. Hopefully, it will be possible to integrate some intelligent ideas before passage of the bill, so that it’s not just a simple increase of duties and steeper sanctions.
