Newsletter | Volume 1


Big data means big breaches and needs big guidance

Regulators at best can and must only provide big guidance on the overall IT issues, which are a moving target. The European Data Protection Supervisor (EDPS) has indicated that its revised legal framework will place extra pressure on people who control data. They need to adopt high standards for verifying consumers' consent to use their information.



There is a built-in conflict when it comes to future IT-Security and data protection mandates, oversight recommendations, and directives. All enterprises need guidance about what all the data they collect can be used for.

Stale data
On the one hand, most data protection law requires that personal information can only be processed if the subject has given permission to store it in databases, and that it cannot be used in a commercial way. On the other hand, we have 'big data', which is almost entirely the opposite of that. Big data stores all data the way it is registered and, therefore, goes beyond reasonable retention policies; in principle it cannot be accurate, up to date and kept no longer than necessary.

Serious data breach
Boardrooms the world over are not excited by the compliance and IT security issues that big data brings. They like structured data of high quality and not just a huge collection of masses of information that could lead to a legal mess for companies in the EU.

The EU Article 29 Working Party explains the legal and ethical questions and how corporations can fit the big data focus to the law. Additional information is available from advisory bodies on data protection and privacy.

The growing interest in big data all over the world is encouraging companies to grow the databases that hold tons of data for valuable future analysis. In addition to data protection mandates, there are multiple outstanding risks that a large volume of data automatically creates. Therefore, in order to avoid data breach risks, we recommend the Copenhagen Compliance Roadmap and Framework on how to manage data that involves personal information and is subject to data protection law.

Big data widens the range of businesses that use personal information for a purpose other than the one for which it was provided in the first place. The longer the data is held, the more likely it is to be out of date, but it is still a breach of the existing law.

Big data significant problems
The new EU regulation is expected to come into force in 2017. After that date, companies will have to disclose every data breach (major or minor) to the oversight body or regulator within 72 hours of discovery. Fines for violations resulting from extreme negligence can be up to 5 per cent of global annual turnover.

The regulator will also keep a publicly available register of all disclosures. The company is then forced to tell the affected individuals about the breach. Depending on the violation, this can have a significant impact and cause severe reputational damage.

Therefore, review the Copenhagen Compliance roadmap and framework on privacy and data protection, and design your structure so that big data can provide value and be compliant.

Source: Multiple EU websites, https://secure.edps.europa.eu/EDPSWEB/edps/Cooperation/Art29