GDPR compliance: how data analytics can help | EY
Can advanced analytics help organizations make the transition to a new era of data privacy and protection?
The arrival of the EU General Data Protection Regulation (GDPR) on 25 May 2018 ushered in a whole new era in global data protection and privacy, with a diverse range of new rules and regulations that apply to any company that handles the data of any EU data subject. It’s important to note that this doesn’t just cover EU-registered companies; any business that deals with EU customers is affected.
The rules include restrictions on processing and sharing the data of EU residents and the requirement to notify relevant government regulators or agencies within 72 hours of a privacy breach. The GDPR grants data subjects several core rights to access and control their data (e.g., the “right to be forgotten”). Violating these rules could expose companies to substantial fines — up to 4% of a company’s total global turnover or a flat €20 million fine, whichever is higher.
The GDPR and other data-related legislation, including China’s Cybersecurity Law, Australia’s Privacy Amendment Act and South Africa’s Electronic Communications and Transactions Act, will transform the global landscape of data protection and privacy. Organizations across all sectors will need to keep pace with the rapidly changing regulatory landscape.
It may come as a surprise, then, that only 33% of respondents to EY’s 2018 Global Forensic Data Analytics Survey said they had a plan for the GDPR. A further 39% said that they had no idea what the GDPR was. With the new regulation coming into force in just a few weeks, it is clear that urgent action is required.
Can forensic data analytics (FDA) help?
What is FDA?
Today’s businesses are drowning in data — it permeates everything, from customer records, to logistics networks, to internal IT systems. In just a single hour, a major company can generate millions of transactional records. IDC forecasts that by 2025 the global datasphere will grow to 163 zettabytes (a zettabyte is a trillion gigabytes).1 “Another way of thinking about it is that if you took every book ever printed throughout history (estimated at about 130 million individual titles), today we produce that same amount of content almost 1,000 times every second, or 80 million times per day!”
If staying on top of this ever-growing universe of data isn’t sufficiently demanding, external factors can appear — such as litigation or new regulation — that require companies to know exactly where the data being requested can be found. There’s a story about needles and haystacks that jumps to mind.
Here’s where FDA comes in: by querying and analyzing structured and unstructured data, FDA helps companies identify patterns in data, or information deduced from multiple data sources, that deserve closer attention for risk control purposes such as compliance monitoring. Advanced FDA technologies can enable companies to scan the entire relevant data set, instead of having to rely on sampling, which may not always give the complete picture.
For instance, a company that suspects it has been the subject of insider sabotage could apply FDA tools across multiple sets of data, such as network access logs. Management can then initiate investigative procedures if the analysis identifies suspicious patterns.
Think of it as a sieve that can sift through huge troves of data and give managers what they need to do their jobs in a timely and precise manner.