EDITOR’S QUESTION
KEVIN J SMITH, SENIOR VP
AT IVANTI
Any way we look at this issue, the impact is significant. As
the legislation was designed to protect the rights and
personal data of the individual consumer, the body of
the regulation is uniquely detailed and broad. Previous attempts
to protect the consumer in the age of ubiquitous information
have been wholly unsuccessful, therefore the GDPR set out to be
necessarily comprehensive in both the breadth and implications of
its full scope. If the legislation itself did not get the attention of a
business and the CIO, the potential penalties certainly did. This can
amount to a fine of 4% of the business’ annual revenue, or €20
million, whichever is greater.
The CIO of an organisation has been forced to implement a series
of new strategies, processes, tools and accountabilities in order
to ensure the full business is compliant, as well as protected from
the significant impact of bad PR in the case of a violation and the
severe fines. This work is likely to be performed working closely with
the CMO and CFO given the legislation’s far-reaching implications.
With regard to the ambitious scope of the GDPR, the following
processes are addressed in detail: territorial scope; consent; breach
notification; right to access; right to be forgotten; data portability;
privacy by design; and data protection officers.
Each of these elements and processes in turn includes significant
requirements and standards that must be strictly managed in order
to meet the appropriate and demanding expectations. In many
respects, the security of data has improved in the past year but only
as a necessary stepping stone to meeting these full requirements.
This is good for the business, but the thoughtful CIO will be planning
further into the future.
Looking more closely at the trajectory of the GDPR, it’s likely that
each of these elements will include unique tools, technologies and
processes to ensure compliance. Much of this will fall into the domain
of IT as there is a data foundation to all of this that brings us back
to the fundamental requirement – to protect the information and
privacy of the individual consumer. It is certainly true that technology
has improved dramatically in the past 10 years and this provides the
CIO with a big advantage in undertaking this monumental task. It
simply could not be done without technologies including AI, Machine
Learning and automation.
With the expectation that the GDPR will be refined and extended
over time, the strategic plan of the CIO must include AI and
automation technologies to both ensure the requirements of today
can be met as well as creating a GDPR foundation that will be
scalable and adaptable over time.
There simply is no other way.
INTELLIGENTCIO