Europe

 View Only

Expediting GDPR Compliance with Artificial Intelligence

By Sarah Levick posted 06-06-2017 12:16

  
Following on from our recent London event on GDPR, I'm pleased to share the following blog from RAVN

The General Data Protection Regulations (GDPR) come into force on 25th May 2018. The Regulations apply to organisations processing personal data within the European Union, as well as those outside the EU that offer goods or services to EU citizens.  Personal data means any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify that person. But what impact will this have on the businesses that the GDPR applies to? In a nutshell, businesses must:

  • Comply with more arduous obligations on how data is processed;
  • Be more responsive to the greater rights granted to individuals;
  • And potentially face greater fines for breaches and non-compliance of up to €20 million or up to 4% of annual worldwide turnover

Before the GDPR comes into force, businesses must review their current processes, understand what personal data they possess, and ensure they can meet their future obligations. But with exponential growth in enterprise data, businesses could have large amounts of personal information, often in varied and unstructured forms, spread across hundreds of different systems. Against this backdrop, attaining GDPR compliance presents a huge logistical challenge.

Solutions, such as RAVN’s ACE for GDPR, can help prepare for GDPR to find personal data and present it back in a meaningful and manageable way.

Areas that Artificial Intelligence (AI) powered technology can help with:

  1. Data Auditing
  2. Subject Access Requests
  3. Contract Review and Analytics


Data Auditing

What personal data do you hold? Where is it? How old is it? Who can access it?  Is it encrypted?  Finding the answers to questions like these and others could take a manual workforce 1000s of man hours.

 AI driven technology is an ideal use case for performing data audits during compliance reviews. Platforms are able to connect to all the data in your enterprise, no matter what platform it resides in. By using Named Entity Recognition (NER), Natural Language Processing (NLP) and other techniques to automatically identify personal data types, for example, name, identification numbers, location data and religious opinions. The technology uses machine learning to automatically classify data according to common GDPR classifications like standard or sensitive data.

Subject Access Requests

Once new and enhanced subject rights come into force, businesses may experience an increase in the number of data requests they receive from individuals. In most cases, the business must respond to these requests within a month of receiving it, so having technology to expedite this work is of paramount importance, and a manual approach may prove too labour intensive. Performing this service quickly is especially important considering how the GDPR prevents businesses from charging individuals to receive the data (unless in certain circumstances), and businesses don’t want to waste too many man-hours on this obligation.

One example of how this process can be made efficient is with RAVN ACE. The inherent cognitive search capabilities in RAVN ACE allows quick expediting of Data Subject Access Requests ("DSAR"). A single interface is provided that will locate information in any system where data regarding the requester may reside. As with the auditing functions, NER techniques are used to quickly identify other personal data (of the people that are not subject to the DSAR) which might need to be redacted.

Contract Review and Analytics

In the build up to the GDPR coming into force, many professional services firms will offer a service to their clients on how compliant the data & privacy clauses in their contracts are with GDPR. Or, the business's own legal function might do this.  Whatever the approach, AI technology can find the relevant provisions within contracts, and extract the relevant provision into a review user interface. With training, it can then “analyse” the extracted provision by either summarising it, or making a judgement of compliance based on pre-defined conditions.

This type of technology can scan through documents and automatically show relevant clauses to GDPR in a distilled format for quick review. It can have the ability to review and amend the information that’s found within the documents, run comparisons, generate reports and export exposed information to other systems if required.

Organisations need to act quickly and start implementing a technical solution to assist with GDPR compliance. Artificial Intelligence solutions remove the laborious task of manually reviewing information and mitigates risk of missing critical information that could be detrimental to your organisation.

 

 

0 comments
601 views

Permalink