Data is having an increasing impact on daily life. This impact is sometimes tangible, sometimes subtle and ranges from self-driving cars to smartwatches. However, it’s impossible to ignore that data is taking a central place in how we live.
Traditionally, the consumer market is well ahead in terms of data-driven behavior, but business is catching up quickly. The amount of data we generate has grown enormously which has paved the way for an interesting development in the way data is governed. Specifically, while the quantity, quality and usability of data is driving innovation in the business world, the GDPR is calling for an increase in data minimization.
According to the GDPR, the obligation to minimize data must be carried out by a so-called Data Protection Officer (DPO). When the GDPR was introduced, the DPO was rarely a standalone position within an organization – rather, it was a role that an IT manager or Risk Manager took on. With the growth of both the amount of data under management and the speed at which data protection legislation changes, the DPO position is gradually transitioning into a full-time one. This has caused the number of Privacy Officers in the Netherlands to increase sharply in recent years.
A Privacy Officer usually focuses on a combination of data governance and compliance with relevant data protection laws and regulations, such as the GDPR. Rather than responding reactively to changes in laws and regulations, the Privacy Officer focuses on establishing and maintaining a proactive framework to ensure data protection throughout the organization. The GDPR calls such a framework for privacy protection “privacy-by-design”.
Such a proactive framework is simple in theory but complex in practice. For example, new, incoming data can be properly regulated by means of a standardized process, but this does not apply to historical data that has been in the organization for years. This is especially challenging for financial institutions that have long data custody obligations which can, in the case of mortgages, last up to almost 40 years. These days, technology plays a crucial role in the management and control of this data.