Posted on: 24/01/2020
The development of the internet and the subsequent evolution to hyper-connectivity have resulted in massive amounts of data being created every day. Lately, businesses have turned to this big data to understand their customers on an unprecedented level to ensure they market their products and services in the most favourable way and increase the likelihood of attracting their target markets interest. However, there are many hidden dangers in using big data, especially with the implementation of GDPR, and the increasing societal values of transparency and morality in business procedures.
Everything online now generates data. Every online interaction, click-through, and transaction leaves a digital trace, and businesses look to collect that data. In 2018, mankind was creating 2.5 quintillion bytes of data every single day. Online retailers like Amazon have a wealth of information about every single one of its users: their profiles, search histories, the sentences they highlight on their Kindles, all of it is processed by algorithms to predict their future patterns from their current ones. Algorithms like Amazon’s and Facebook’s are now used to monitor urban infrastructure, including traffic lights and public transport, where people can respond to information in real-time. Businesses are now able to capitalise on the implementation of algorithms and use them to connect to their audience more effectively.
Algorithms aren’t the only way to use this data. Businesses collate it to gain insight into their customer’s behaviours, attitudes, wants and needs. This allows them to then formulate a cohesive, strategic marketing plan that will resonate with their audience. Data is extremely valuable to businesses. But the inherent issue with collecting it means that businesses are also liable for its use, storage and protection. Mishandling it, even accidentally, could not only cost a lot of money but also harm businesses reputations.
Businesses often collect a vast amount of data, but around 90% of it goes left unused, which comes with huge risks. This unused data can be broken into three predominant types: legacy, dark and duplicate.
Legacy data is outdated, to the point of being useless. It’s too old to be accurate, which means that the inadvertent use of this data can imply to customers that the business operates on outdated insight or can translate into poor service. This can have a severe impact on customer relationships.
Dark data is the masses of data that businesses are unaware they have collected. It’s stored but not known or analysed. This data not only impacts businesses by the cost of storing it, but also with the security and compliance risks associated with storing it. Any security breach of this data can cause serious damage to customer’s confidence and can result in huge fines. The collection of this data could also be non-compliant under GDPR, which could result in further legal issues.
Duplicate data, repeated copies of stored data, isn’t always easy to find but could cost money and other resources. It also makes it harder to ensure the security of this data if it can be located in various areas that may not be as secure.
GDPR was created to provide EU citizens with more control over the information held about them online. It focuses on transparency regarding the data collected, allowing people to choose whether or not they consent to the collection, use and storage of their personal data. The regulation details new rights that citizens hold in regards to their data, how it is collected, used, stored and any changes or deleting of the data. Non-compliance with the regulation could result in massive fines. Google was even issued a £50m fine from France’s data protection office, as the global technology company was found to have broken laws involving forced consent for the use of data.
Mitigating the dangers of mis-using data means not just optimising the use and security of the data but the best practices for collecting it. Only useful data should be collected, used and stored in compliance with GDPR.
Ellenbrooke, a part of Exemplas, provides consultancy on GDPR Evaluation of Compliance. Through the one-day GDPR ‘evaluation of compliance’ visits, Ellenbrooke’s Certified GDPR Practitioner helps businesses to get a clear picture of the law and compliance required, understand where business risks are in relation to the data they control and/or process, and make recommendations for any action required. Ellenbrooke also provides support for other Information Security standards including ISO 27001, IASME, and Cyber Essentials and has been helping businesses to implement and maintain certified management systems for over thirty years.