Dr. Baljit Sarpal, Managing Director, Sarpal Consultancy, addresses the challenges of European data regulation ahead of his fireside chat on the subject at TM Forum’s Monetizing IoE InFocus event (October 17-18, Amsterdam, Netherlands),
The big questions are:
• Are the European Union’s (EU) General Data Protection Regulations (GDPR) more bureaucratic shackles on business?
• Will they derail digitalization and kill monetization of the internet of things (IoT) and the internet of everything (IoE)?
To take advantage of growing digitalization, individuals are sharing more information about themselves with a larger set of organizations. What’s more, organizations are sharing this information with each other. All of this means enterprises can:
- provide more targeted, personalized offers;
- prevent fraud using big data; and
- deploy data mining and AI analytic algorithms for deep behavioral insights.
Two pillars of unhindered sharing of information and privacy
The EU recognized that to fully realize the benefits of digitalization and build a growing digital economy, businesses and organizations need data to flow freely between them – the “free movement of data”, and what we call the first pillar. The second pillar is the “fundamental rights of the individual to their identity and rights of privacy”. The free and unhindered availability and use of individuals’ data means organizations must respect and protect this data. Historically, service providers made customers to prove their trustworthiness before providing them with a service. GDPR balances the trust scales by requiring the service providers to prove their trustworthiness before gaining access to the customer’s own asset – data.
With digitalization’s opportunity comes responsibility
The GDPR is designed to ensure organizations process and share data responsibly and transparently, and the organizations they share data with are responsible and transparent.
The ethos behind big data is to gather as much data about individuals, their habits and their connections as possible and apply advanced analytics for valuable business insights. This approach of unfiltered and unrestrained data gathering, and the mixing of data, will raise compliance issues for organizations investing heavily in big data. Recently, UK pub chain J.D.Wetherspoon took a step to protect itself against a breach or non-compliance and potential fines, by deleting its entire marketing database. It no doubt deemed it too expensive and cumbersome to implement the necessary security and consent monitoring.
Throwing the baby out with the bath water?
Valuable actionable insights are best obtained from analytics applied to summarized data, which is naturally anonymized, and therefore no longer personal. For example, little meaningful commercial insight is gained from knowing a customer’s exact date of birth rather than their age or age range. These still vital statistics can help understand behaviors and predict future actions.
In scientific data analysis, it is well understood that calculating results to a greater degree of accuracy than all the input parameters adds little value to the knowledge gained. Two people born on the same day, at the same time and into similar social backgrounds will not behave identically at 45 years of age – however they are more likely to behave in a similar manner when looking for summarized trends based on a 40 to 50 year age range. This is because other parameters have greater influence on an individual’s behavior than their date of birth (apologies to all the astrologers!).
Others options to minimize GDPR’s impact on big data include:
- anonymization of personal data;
- segregation of personal and non-personal data; and
- deletion and non-capture of redundant data
GDPR offers opportunity to simplify
The last option means a business should have an accurate view of their business processes and where data is gathered, how it is used and where it is stored. Most large organizations have grown organically and through acquisitions over many decades, and undergone multiple internal re-organizations and operational transformations. This has meant patchy knowledge of complex business processes. But you can fix this by:
- documenting business processes – understand the value of data;
- simplifying business processes – cut out cost;
- ensuring future transformations are business-process focused, rather than domain focused – deliver business value faster; and
- reduce duplication of data – improve transparency and accuracy.*
Don’t miss the fireside chat – Getting Up-Close and Personal with GDPR in Amsterdam!
*Editor’s note: Don’t forget that TM Forum’s Business Process Framework (eTOM) is deployed by operators all over the world to map and assess their business processes and develop new ones! You can find lots of examples in case studies here, including how Telefonica has used across every country it operates in as part of its digital tranformation.