3 August 2023
GDPR – AUDIT AND REGULATION OF PERSONAL DATA
REGULATORY FRAMEWORK
The General Data Protection Regulation (GDPR) applies to any business that collects, stores, and/or uses the personal data of European Union (EU) residents, no matter where the business is located.
This ensures:
- Protection of personal data for all EU citizens
- A simplified and streamlined legal framework for the processing of personal data
- Increased corporate responsibility
The GDPR requires organisations to guarantee that their data complies with the following principles:
- Only store data needed for the function
- Obtain user consent
- Right to be forgotten
Violation of the GDPR rules can result in a fine of up to 4% of the company’s revenue.
HOW TO SIMPLIFY THE IMPLEMENTATION OF GDPR WITHIN COMPANIES
Systems using AI are often the target of scrutiny. As we know, the misuse of AI can lead to risks of discrimination, resulting from a flaw in the design of the algorithm, or more commonly from the use of biased or unrepresentative training data. To avoid such risks, data processors need to be aware of the issues (models based on past references), share them widely internally, and implement safeguards to ensure fair and balanced models.
The most difficult data to verify is unstructured data such as emails, texts, etc. because they are scattered in IT management systems.
Intelligence and analytics management (IAM) tools help identify personal and sensitive data. Consistent with corporate governance, determining the data’s location is the first step in a data regulation strategy.
AN EXAMPLE OF IAM: UNSTRUCTURED DATA THAT IS IDENTIFIED USING SEMANTIC ANALYSIS
Some of this data may be part of the company’s files, whereas other data may not be there legally. Depending on the possibilities of internal and external access to these databases, it can be difficult to check them. It is therefore important for the company to regularly check whether all data present is authorised or not, under penalty of punishment.
SOLUTIONS FOR COMPANIES
OPPSCIENCE’s IAM platform, and more specifically its semantic analysis module, makes it possible to search, analyse and structure large amounts of information from multiple sources to transform it into actionable information.
- Indexing and localisation of data
- Identification of data via structured analysis, thus keeping authorised data only
- Identification of sensitive data via semantic analysis
As a result, the company can take all necessary steps to remove inappropriately stored personal data and implement governance to prevent similar negligence from happening again.
The intelligence OPPSCIENCE’s IAM brings to issues such as GDPR improves the quality of data used to help make the right decisions.