GDPR Starts To Bite
Aingaran Pillai, CEO and Founder Zaizi and Government Board member for Tech UK
At a Westminster eForum event last week, a consultant from Fujitsu told the room that he’d recently been chatting with a CEO who was given serious consideration to resigning his post. Why? The lack of readiness and understanding of GDPR.
I don’t doubt that the CEO he was speaking to is alone in his thinking. The regulation has many facets and there is not one solution that magically makes you compliant. It’s a complex beast to break down. And yet, one year from today companies will be held accountable for how they secure and govern data. The fines, not insignificant, are designed to scare corporates and governments into action.
GDPR is all about data. And if your data is broken, then so is your strategy. With the countdown now on, here are some key issues that central and local government organisations and authorities need to consider:
1. Being Transparent With Citizens
The fiasco last year involving the NHS and Google DeepMind was a big learning curve for Government regarding data consent and one public sector bodies can learn a lot from. The two partnered to use machine learning to analyse images for signs of diabetes-related sight loss but they failed to notify patients that their data was being used, causing a huge uproar. What they discovered was it doesn’t matter how good the cause or intention is. People want to know in no uncertain terms where, what and how their data is being used.
For data sharing to become a boon rather than a burden, people need to feel like their data is in capable, safe hands. The recent WannaCry Ransomware incident only makes the public more aware that much investment is still to be made in data security. Therefore, an open dialogue between departments and the public is the only way forward as we shift towards an ever-increasing digital world.
2. Data Learning
On from the need to be transparent, also comes a need for education. As human beings, we don’t trust things we don’t understand. If citizens had a better understanding of technology, it would tear down the barrier of understanding data. Therefore, government departments need to educate people on why data innovation is important and what it entails.
This could be done through workplace initiatives in private and public sector whereby digital skills courses become mandatory and the bigger picture of data usage is outlined. This education would benefit government departments’ privacy teams in becoming more proactive in scanning for risks and threats and sharing best practices with the rest of the organisation.
3. A Different Approach To Data
Ultimately, GDPR is going to require a completely different approach than currently exists when it comes to data architecture. Government is going to need to think more strategically about where data is held, in which systems, if the correct user permissions have been applied and inconsistencies eliminated.
To do this, someone needs to have oversight across all departments to ensure a standard approach and reduce the risk of non-compliance. Data officers are already emerging within government, but their role needs to be wider ranging and lines of responsibility clear. Shared resources have not always worked well, but this should not deter the government from establishing a Chief Data Officer.
4. A Problem Shared Is A Problem Halved
Talk to your peers. This simple point is often overlooked. Go to networking events and conferences. Discuss and share pain points and find out how other public sector bodies are preparing for GDPR. The amount of knowledge I’ve gained over the years by hearing from others and how they deal with challenges is immense.
Additionally, there are so many free resources available. For instance, Nesta worked with Camden to benchmark best practice for local governments and have produced a comprehensive report named Wise Council: Insights from the cutting edge of data-driven local government which highlights the best uses of data in UK local council.
These examples include data-informed social workers, open data portals, sensors which tell gritting vans where there is snow and ice, and plastic frogs which record data about damp levels in people’s homes. There is no point reinventing the wheel, see what worked successfully for others and adapt it to your department.
5. Bring In The Experts
As mentioned, GDPR won’t be an easy task. And public sector bodies should acknowledge they don’t have to do it alone, there are many experts who specialise in data management and have the right open source tools to do the heavy lifting in a fraction of the time.
Right now, GDPR can feel onerous, but in the long term it will be a win-win. Citizens will be happier and government will not only become more streamlined, but also more dynamic. This is a fantastic opportunity to be more innovative. Broken data has plagued government initiatives for years; GDPR opens the door to a new era of data-driven government. As the saying goes Carpe Diem.