Companies can often leap into big data and analytics projects without always having a solid understanding of the compliance requirements for the data they want to collect and process.
This is particularly true of smaller companies which are less likely to have sufficient knowledge of the issues around personally identifiable information (PII), or the necessary resources in place to manage them.
Even in cases where in-house IT teams do have that knowledge, other employees may not fully understand the requirements and could start to analyse or process information outside of the original remit of the project. Data gathered for HR processes, for example, could be taken and repurposed for supporting automated decisions that directly affect staff, such as hiring, promotion or termination.
With locations around the world, larger companies do not escape these problems, in fact, they grow in complexity. The larger the data set being analysed, the larger the costs associated with the compliance requirements.
Even in the EU, where there seems to be a single set of regulations, each state has interpreted them in a different way. A data controller needs to understand these locale-specific rules and not just the EU-wide requirements.
No comments:
Post a Comment