
Showing posts with the label GDPR

Importance of data privacy compared to data governance?

Rephrased question: What is the level of importance of data privacy compared to the level of importance of data governance? Answer: Data privacy is one of the aspects of data governance. In data governance, simply put, on one side there is a need to ensure that data is secure, protected and does not fall into the wrong hands; on the other side there is a need to ensure that value is derived from data and that data is monetized. Data governance should come up with policies, frameworks, principles, etc., that satisfy and balance both sides.

GDPR Compliant Business Intelligence Solution - Part 1

Introduction. With GDPR coming into action on 25th May 2018, some adjustments are required for most of the systems that run in an organization to ensure technical compliance, along with several other organizational measures (see Measures for GDPR compliance for a company), and this is obviously very much applicable to data-intensive systems like BI. In this post I will limit the scope to the BI solution. If you are new to BI, please take a few minutes to glance through this page, Business Intelligence, to get a rough idea about BI. Now, on one side there is no point in building a GDPR compliant BI solution in such a way that it can't be used for business improvement purposes, or for decision-making at all levels in a company, because BI users will eventually stop using it and the system will become obsolete. On the other hand there is a huge risk (both financial and loss of reputation) in building or maintaining a BI solution that's fully in use but not compliant wi...

PDRHS - Personal Data Request Handling System for GDPR Compliance - Part 2

Continued from part 1, now we go deeper into handling the requests from data subjects. This is explained using the simple flow chart provided below. Based on the above flow chart we can now easily list the various processes that need to be carried out by PDRHS. Note that the processes mentioned here are specific to PDRHS, with the underlying assumption that all other systems are already GDPR compliant. Facilitate reception of various types of requests from data subjects. Store the request. Classify the request as fake or genuine. Verify the identity of the data subject. Collect additional personal details if necessary to verify identity. Categorize based on type of request. Check the frequency between the requests. Estimate the charge/fee to be applied for too frequent requests. Set the level based on which too frequent requests may be rejected. Find and consolidate data about the data subject. Collect information about automated decision making...

PDRHS - Personal Data Request Handling System for GDPR Compliance - Part 1

In one of my previous posts (Measures for a Company for GDPR compliance) on the GDPR topic I listed the measures that a company has to take to ensure GDPR compliance. One of the measures is to implement PDRHS (Personal Data Request Handling System). In this post I will go into more detail about PDRHS. Again, I will limit the scope to companies (excluding public bodies and others). PDRHS is an abstraction of a system that enables data subjects to exercise their rights related to personal data. PDRHS is expected to manage the life cycle of data subjects' requests related to personal data. In terms of complexity PDRHS could be anywhere from very simple to very complex, and in terms of automation anywhere from a fully manual to a fully automated solution, depending upon the type and size of the company and the number of data subject requests the company receives. Companies like Facebook and LinkedIn already provide means to exercise some of our personal data ...

Who are the data subjects in the context of a company?

The diagram below shows typical data subjects in the context of a company. Users are represented separately from customers to differentiate the group that uses a service, software, etc., but does not pay for it, for example Facebook users, LinkedIn standard account users, Duolingo users, etc. We as users don't pay these companies, so we are ideally not customers. For all posts related to GDPR see GDPR. For rights related to data subjects see How do I as a data subject benefit from GDPR? Disclaimer: I am not a legal expert nor a certified GDPR consultant (not sure if there is one certification yet). I am a data enthusiast (and now GDPR enthusiast) and I like to envisage, conceptualize and design solutions for real problems. All posts related to GDPR are only to present my understanding and to start a good discussion with the audience. As every business is different, please consult legal experts to understand the obligations specific to your company. For offi...

How can companies benefit from GDPR?

If you thought that GDPR is all about providing more rights to data subjects and about making it difficult for companies to run businesses, then you have not understood GDPR fully. Whether you consider GDPR an opportunity or a threat depends on your level of preparedness and your positioning. From my point of view GDPR creates a level playing field for all and thereby helps smaller companies or new entrants. How can companies benefit from GDPR? Some random and disconnected examples of benefits for companies are provided below. Companies that plan to build the next Facebook or LinkedIn have better chances of getting existing user data from those platforms into their own platforms. How? By ensuring that their platform can consume data from Facebook or LinkedIn easily, informing people about their right to data portability and giving them incentives to exercise that right. Companies can now compete in the market not just based on pricing but also based on ...

How do I as a data subject benefit from GDPR?

How do I as a data subject benefit from GDPR? GDPR provides several rights to data subjects: the right to personal data protection; the right to know or obtain confirmation of personal data processed; the right to access personal data processed; the right to receive personal data; the right to data rectification; the right to erasure (right to be forgotten); the right to object to fully automated decision-making / right to obtain human intervention; the right to object to further processing; the right to data portability / right to transmit data from one controller to another; the right to lodge a complaint with a supervisory authority; and the right to an effective judicial remedy. We now have the right to know: Who / which companies are processing our personal data? What purposes are they processing it for? With whom / which company is our personal data shared? Is there any automated decision-making involved? Where possible, the details of the logic involved in the automated decision-making that concerns us. How...

What is GDPR?

What is GDPR? GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679), which came into force on 24 May 2016 and is applicable from 25 May 2018 onwards. For official documentation please check the official website of the EU - https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en. From my point of view the EU (European Union) has taken a visionary, bold and exemplary step in creating a regulation that is so comprehensive for the personal data protection of natural persons and the free movement of data within the EU. GDPR provides more rights to all of us natural persons (data subjects). How do I as a data subject benefit from GDPR? See How do I as a data subject benefit from GDPR? How can companies benefit from GDPR? See How can companies benefit from GDPR? For all posts related to GDPR see GDPR. Disclaimer: I am not a legal expert nor a certified GDPR consultant (not sure if there is one certification yet). I am a data enth...

Measures for GDPR Compliance for a Company

What measures should a company take to be GDPR compliant? GDPR is not only applicable to companies but also to organizations like public administration. In the diagram given below I present my understanding of the measures a company should take to be GDPR compliant. I guess all of the measures mentioned in the above diagram, except for the Personal Data Request Handling System (PDRHS), should be easily understood. I will explain PDRHS in future posts on this blog. I also plan to cover how companies can leverage existing DWBI tools and the expertise of DWBI professionals within the company to implement some of the technical measures. GDPR Compliance Bottom-up approach (diagram). Related posts: What is GDPR? For all posts related to GDPR see GDPR. Disclaimer: I am not a legal expert nor a certified GDPR consultant (not sure if there is one certification yet). I am a data enthusiast (and now GDPR enthusiast) and I like to envisage, co...
