‘Big data’, you hear the phrase but do you actually understand what it means?
Big data is basically a large collection of information, more specifically – ‘data sets’.
The capabilities of our devices that we use, the development of technology, the ability to diagnose or cure an illness is all down to data sets. Big data is the essential gathering of information to function, grow and survive but capturing that data can be intrusive at times – that is why the GDPR is essential.
Continued growth and availability of data
Every time you fill in an online form, the social media postings that you do, the places you go where sensors detect your identity, you are creating data sets which in turn become ‘big data’. As the world evolves there will be a never-ending capture of data. Data is everywhere, we store, analyse, share, transfer, query, visualise and update data. It literally is mind-blowing if you think about it too much.
The data snowball
Big data is a bit like a tiny snowball as it rolls down the mountain. As it turns, it picks up the freshly laid snow and it goes from a tiny ball to an enormous rolling mass of white, ready to make the biggest snow person ever! Like that mass of snow, big data needs to be held together. Collecting data can be a risky business and now with the implementation of the GDPR, stricter rules apply.
Installing the new data protection rules gives people privacy and protection. The rules create a framework by which to regulate data processing, big data, artificial intelligence and machine learning. When it comes to protecting data, data breaches or data leaks, it doesn’t matter about the size of a business that is handling the data, we are all answerable for what we do with people’s personal information. That’s the big corporate organisations, the small-medium businesses and the sole traders.
Cyber attacks and insecure networks
The more data you have, the bigger the risk so when it comes to big data the structures put in place to deal with data protection have to be secure, more so than ever before. There are many threats to businesses that store data, cyber attacks and insecure networks are a major concern.
We recently did a case study about the company Level One Robotics. They have been involved in a big data leak for over 100 manufacturing companies. The leak was discovered by the company Upguard who revealed that Level One Robotics was exposing data through an insecure rsync server. Read the case study here. **Insert link
Death by data…
If your business stores big data the last thing you want is death by data, to be fined extortionate amounts of money and your working career be in pieces around you – dramatic but true.
How can you minimize the risk when storing big data?
To reduce the risk of a data leak there needs to be a procedure incorporating several factors:
- Where is the data pulled from?
- How much data is being used?
- Who needs to access the data?
How do you manage your data?
- Are you using the relevant data management for your type of organisation?
- Are you doing data audits?
- Have you incorporated a data lifecycle, retained, archived or deleted?
Whether it be big, medium or small – any data collected has to be dealt with in the same way
- Centralize the data – this makes it easily manageable
- Automate data management to reduce the risk of human error
- Measure success and adapt – see what works well and implement it wherever necessary
Big data, automated processing and the GDPR
The GDPR has provisions on automated processing of personal data to evaluate certain things about a person. The new data protection regulations applies to all automated individual decision-making and profiling. The GDPR has additional rules to protect individuals if automated decision making is done for them, you can find out more information in Article 22 of the GDPR.
If you handle big data through an automated processing system like a CRM, use the following checklist to make sure you are taking the necessary steps to be compliant with the GDPR:
- You have a full understanding of Article 22 of the GDPR
- You have a lawful basis to carry out automated processing and it is in your data protection policy
- You notify people of your privacy statement when you get their personal information indirectly
- You explain how people can access the details created in their profile and how they can ask you not to profile them
- You have processes in place to protect certain individuals such as children
To get a full understanding of big data, automated processing and the GDPR, go to the ICO information page.
One of the most common things we see in businesses is the fact that a lot of employees have access to data that they don’t really need. Make sure your employees only have access to what they require to perform their job role, reduce the risk of a data breach with smart thinking.
Here at be.Infoready we handle a lot of data, we have procedures in place and data processes are ongoing.
How are you dealing with the GDPR? Do you feel in control of your data handling?
We can assess and advise you.
The be.infoready service offers eLearning training for organisations and their staff to understand data protection and become GDPR compliant. be.infoready unravels the legal jargon and puts data protection into a real world context.
be.infoready is borne out of real-world experience in the management of data protection best practice and compliance, delivering a training experience that is:
– clear, concise
– online modules
– real world examples
– training management
– records showing proof of training
Contact us if you would like to discuss any of the topics that we cover in our articles.