Data is having an increasing impact on daily life. This impact is sometimes tangible, sometimes subtle and ranges from self-driving cars to smartwatches. However, it’s impossible to ignore that data is taking a central place in how we live.
Traditionally, the consumer market is well ahead in terms of data-driven behavior, but business is catching up quickly. The amount of data we generate has grown enormously which has paved the way for an interesting development in the way data is governed. Specifically, while the quantity, quality and usability of data is driving innovation in the business world, the GDPR is calling for an increase in data minimization.
According to the GDPR, the obligation to minimize data must be carried out by a so-called Data Protection Officer (DPO). When the GDPR was introduced, the DPO was rarely a standalone position within an organization – rather, it was a role that an IT manager or Risk Manager took on. With the growth of both the amount of data under management and the speed at which data protection legislation changes, the DPO position is gradually transitioning into a full-time one. This has caused the number of Privacy Officers in the Netherlands to increase sharply in recent years.
A Privacy Officer usually focuses on a combination of data governance and compliance with relevant data protection laws and regulations, such as the GDPR. Rather than responding reactively to changes in laws and regulations, the Privacy Officer focuses on establishing and maintaining a proactive framework to ensure data protection throughout the organization. The GDPR calls such a framework for privacy protection “privacy-by-design”.
Such a proactive framework is simple in theory but complex in practice. For example, new, incoming data can be properly regulated by means of a standardized process, but this does not apply to historical data that has been in the organization for years. This is especially challenging for financial institutions that have long data custody obligations which can, in the case of mortgages, last up to almost 40 years. These days, technology plays a crucial role in the management and control of this data.
The Day of the Privacy Officer took place for the second time at the end of November 2020. The day functions as a platform for privacy protection professionals to look at and discuss the latest trends and developments in data governance. Following a research report on the “Adoption of AI” in the financial services industry, Hyarchis was invited to contribute to the second edition of the Day of the Privacy Officer.
Hyarchis presentation focused on the development of data governance and how this has grown from mainly a “must” a few years ago to a business-critical competence these days. Grip on data and by extension the possibility of actual data-driven decision-making is an increasingly important competitive factor. After all, in a world where data is of increasing importance, the value of managing it effectively is increasing commensurately.