Intelligent CIO Europe Issue 01 | Page 62

FEATURE: DATA MANAGEMENT ////////////////////////////////////////////////////////////////////////// FlyingBinary, are Internet of Things (IoT) specialists and have been deploying our IoT technology in the UK since 2012 and worldwide since April 2014. Based on manage that data, including personal data. This self-service approach to GDPR creates a European citizen-centric view of the indexed data that can securely manage not just IN ORDER TO COMPLY WITH GDPR, AN ORGANISATION WILL NEED TO DEMONSTRATE COMPLIANCE TO A REGULATOR AND MEET THE STRINGENT AUDIT REQUIREMENTS. city sectors. At a landscape level, there is a real focus on compliance in each nation state. From our work, we see that GDPR readiness varies across individual sectors, so compliance is likely to be patchy. One interesting change we are seeing as we approach the mandating of GDPR is the interest from outside of Europe. GDPR gives individual citizens more of a say over how their data is used and why. At the same time, it expands the definitions of ‘data’ and ‘processing’, so if you store any data anywhere, you are almost certainly a data controller or processor and subject to the regulation. Companies outside of Europe are now looking closely at the data the challenges we have responded to for organisations, we have seen an additional opportunity as a result GDPR. The IoT requires a new approach to data management, particularly in the security space where we work. The GDPR work for our clients has required us to provide fully managed private cloud services, the same base services required for IoT. A number of those clients have used these GDPR capabilities to start their IoT journey. IoT is an engineering challenge which means few companies supply secured accredited private cloud services in this domain. From a CIO viewpoint, we have been able to demonstrate between two and 60 times return on that investment. This has unlocked a new style of IT provision and a strategic opportunity for the CIO to reorganise an innovation-led agenda. Are European countries likely to take advantage of RegTech solutions? As we approach the implementation of GDPR, organisations are faced with a serious challenge. In order to comply with GDPR, an organisation will need to demonstrate compliance to a regulator and meet the stringent audit requirements. This means that businesses must be aware of where their data is stored and how to index it. FlyingBinary’s answer to meet this challenge is a RegTech service which does not take a transaction-based approach but is focused on indexing all data wherever it might be and providing state-of-the-art analytics to 62 INTELLIGENTCIO personal data, but all data. Importantly, the RegTech service can be demonstrated to an auditor and used to meet the stringent audit requirements of GDPR. RegTech solutions are not focused on the date the regulation is mandated, but rather the next 20 years as we move to leveraging IoT. Regarding take-up of RegTech services, we are seeing traction across Europe which has accelerated as CIOs understand the opportunity in their hands. What do you think the likelihood is of businesses complying with the GDPR requirements and regulations? FlyingBinary have particularly focused on Europe over the last 18 months and we have launched a GDPR compliance service specifically to address the health and smart value chain which may make them a data processor under the new regulation. We have organisations in Asia and America working to prepare for the changes GDPR brings to their use of European personal data. One key area of GDPR compliance that I would like to signal is the need for companies to transform their use of social web data. Companies are using European citizen’s data exhaust from social platforms such as Twitter, Facebook, etc. often as part of customer engagement strategies. In the European Commission, we have not used this data in any projects since early 2017. FlyingBinary has informed consent services, who we deploy for clients, to replace the use of social web data for a GDPR- regulated market. This is an area that seems to have received little focus as part of the compliance preparations. n www.intelligentcio.com