Written by William Webster

Researcher, Avoncourt Partners GmbH

Culture Blog - Oct 9, 2018

AI’s perfect compatibility for EU’s GDPR

Thousands of different applications for artificial intelligence (AI) have been developed for all types of industries. Some have enjoyed widespread utilisation across sectors, such as using the processing power of AI to analyse big data for gaining customer insight. Other applications are still in testing modes, like deploying driverless cars. And amidst the discussion around AI, one element of modern business is generally overlooked – compliance and governance.

GDPR setting new standards

Credibility and ethical standards for business behaviour have, in some scenarios, become more important than business viability itself. One high-profile example is the European Union’s General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. Every organisation worldwide, irrespective of where it is headquartered, will have to comply with GDPR if it holds or collects data on European citizens. Failure to comply with GDPR will result in fines of up to €20,000,000 or 4% of an organisation’s annual global turnover, whichever is greater.

Compliance challenges

Compliance is a continuous process for businesses, and the regulatory requirements across most industries are constantly evolving. This is especially true in heavily regulated sectors such as financial services, and even more so for initiatives already in effect, such as GDPR, which has already significantly impacted governance and compliance for personal data storage.

Barriers to international trade are much lower in modern business, which means that many organisations conduct business in multiple countries across the globe. Each country and trading bloc, such as the EU, has its own regulations and requirements for remaining compliant. This poses a challenge to international businesses in tracking compliance according to each country’s standards, and it is a significant challenge for those affected by GDPR.

Many organisations continue to manage their compliance and governance functions manually. They use no more than an Excel spreadsheet to stay on top of increasingly complex regulations. “Manual” approaches to governance and compliance can leave an organisation vulnerable to rapidly changing circumstances. They raise the risk of facing enormous penalties for non-compliance.

GDPR expectations

Protecting what traditionally has been considered personally identifiable information (PII) – people’s names, addresses, government identification numbers and so forth – that a business collects and hosts is just the beginning of GDPR expectations.

Organizations must expand their data governance expertise, understanding all the systems in which personal data is located and all the interactions that touch it. Knowing not only the original instance of the data but its entire lineage and how it is handled across the complete ecosystem is critical to ensure that security is applied at all appropriate levels and to quickly detect any points where an individual’s data may have been compromised in the event of a breach.

Moving these initiatives forward in a comprehensive and holistic manner makes sense not only for achieving GDPR regulatory compliance but also for making an organization’s employees smarter with data.

AI and a new wave of compliance

The sheer volume of data which compliance professionals must sift through is growing continuously. It is becoming harder and harder for humans to fulfill these tasks sufficiently and in the desired timeframe.

Using AI to analyse large amounts of data and find patterns, trends and connections within that data is the future path to ensuring compliance. GDPR is setting an exceptionally high standard for governance and compliance. Therefore, the more data that is given to AI technology, the faster it will learn, helping to detect any compliance issues and delivering actionable insight to a compliance officer or team.

Although compliance is a business function relatively untouched by digital technology, the computing power that AI offers means that organisations will increasingly adopt AI for governance and compliance over the coming years. GDPR is a perfect opportunity for businesses to act now on integrating AI into their governance and compliance departments.