16 / 07 / 2019
Don’t Believe the Hype: Data Privacy Myths are a Ticking Time Bomb
BUSINESS COMPUTING WORLD - MAURICE COYLE, CHIEF DATA SCIENTIST AT TRUATA, DISCUSSES THE MYTHS AROUND DATA PRIVACY
The extent to which business analyses and acts upon its data can have a massive impact on its bottom line and ability to stay competitive in the marketplace. New data privacy regulations have added a further layer of complexity that presents businesses with a conundrum: how can we use data to our advantage, while maintaining consumer trust and complying with data privacy laws?
It may be that the sheer volume of hype around GDPR and the ensuing torrent of online ‘guidance’ has overwhelmed and confused businesses. But however it happened, many businesses now fall into one of two equally unfortunate camps. Either they fail to make the most of their data, which is a valuable asset that could drive their business forward, or they run the risk of reputational damage and incurring fines or other sanctions for breaching data laws.
The result? The worst of all worlds – companies are not realizing the full value of their data while consumers don’t trust those very same companies to handle their data responsibly. Even worse, popular myths surrounding the GDPR mean some well-intentioned companies who are attempting to respect the data rights of their customers are operating under a false sense of security and may come under regulatory scrutiny. This is terrible – both for brand value and for business.
But it doesn’t have to be this way. If businesses get a grip on the facts of GDPR rather than the myths and realize that it’s perfectly possible to crunch data and still comply with the law, they can put data and analytics to best use and greatly enhance performance. Even better, they can do this without fear of regulators and their punitive powers, or of alienating their customers by being accused of abusing their trust.
The risks of using personal data
A key requirement for analytics is historical data, but identifiable personal data is tightly controlled under GDPR. Not only must businesses have a legal basis such as consent from the data’s owner to process it, but they must also make sure that any consent received is for a specific purpose. And they may need to obtain fresh consent for each new purpose with separate legal bases required for analyzing data and targeting customers, for example. Consent as a legal basis is not necessarily a good fit for analytic purposes because of these constraints.
This is every bit as challenging as it sounds and consent rates below five percent are not unusual, leaving many companies with seriously patchy or incomplete data sets.
As a result, the outcome for businesses is often poor. Not only is a huge percentage of data missing, but there is also an inherent bias between data owners who give consent for processing and those who do not. This, combined with a shorter data horizon caused by strict data retention periods under GDPR, generates an inevitable adverse impact on data analytics.
Genuine anonymization is the key
Analytics conducted using truly anonymized data is not subject to privacy laws. But the bar has been raised on what is considered anonymized. To achieve “true anonymization”, businesses need the right expertise and data-handling infrastructure. Beyond that, there are plenty of myths around the anonymization of data that also need to be navigated.
Click here to learn more about the Truata Anonymization Solution and its benefits.