Invisibly, an organisation that works to democratise access to data, predicted trends that we would see in 2022. In a digital world that is consistently public, data privacy is a recurring issue.
As social media platforms and engagement tracking tools continue to collect and refine our personal data, it’s only reasonable that we continue to evaluate how we think about data privacy. Among its predictions, Invisibly said that:
Consumers will demand more control over their data
GDPR will spark global data protection regulations
Increased knowledge means increased data subject requests
Governing bodies will enforce more fines
More regulations mean greater investment in privacy technology
Big data and bigger compliance issues
Certainly, at Facit, we have seen these trends predicted by Invisibly come into effect this year. In this article, we look at data in numbers, the consequences of data breaches, and how compliance professionals can manage data and guard against fines.
Some staggering big data statistics provided by Techjury
Internet users generate 2.5 quintillion bytes of data a day
The world will generate 180 zettabytes of data by 2025
95% of businesses cite the need to manage unstructured data as a problem for their business.
The data numbers are staggering, which explains why data scientists are among the most sought-after professionals. Techjury provides more references for the fact that Google processes 8.5 billion searches a day and WhatsApp users exchange up to 65 billion messages a day.
The fact that 95% of businesses recognise the need to manage unstructured data as a problem means that there is a challenge both to analyse data and to protect data against privacy breaches.
Is there a correlation between data increases and a surge in GDPR fines?
According to data compiled by Finbold, the EU GDPR fines for 2021 Q3 hit €984.47 million, which is almost 20 times higher than cumulative fines of €50.26 million imposed during Q1 and Q2. To put this into perspective, the Q3 2021 GDPR fines are also three times higher than the €306.3 million imposed throughout 2020.
As of October 4 2021, Amazon EuropeCore S.à.r.l had incurred the highest fine at €746 million, followed by WhatsApp Ireland Ltd at €225 million, then Google with fines amounting to €50 million. Overall, companies in the technology and telecommunication space have suffered the highest fines.
80-90% of the data we generate today is unstructured
80-90% of data is unstructured and comes in many different forms and sizes, According to CIO. As described by Netapp “Unstructured simply means that it is datasets (typical large collections of files) that aren’t stored in a structured database format’’. As unstructured data is harder to analyse and more costly to manage, it makes sense that problem.
The problem of unstructured data for compliance teams
Unstructured data presents significant problems for compliance teams when it comes to removing people’s personal data before sharing information with third parties.
GDPR was introduced in 2018 to protect people’s personal data. GDPR includes rights such as an individual’s ‘right to be forgotten’ by organisations that hold their data. GDPR also enables people to make a data subject access request (DSAR) and request any data that is held by a company, local authority or other type of organisation.
When an organisation receives a DSAR it has thirty days to respond and must first remove or redact (mask) all data related to anyone but the subject of interest. However, data is difficult to locate, as it is frequently held in multiple locations such as on servers, on desktops, on tablets and phones. Data is often embedded in emails, or held in multiple formats such as email, MS Office documents and spreadsheets, which makes privacy processing harder still.
To find references to the person making a DSAR is the first challenge faced by compliance professionals. To remove everyone else’s data from all document types is the next headache.
How to protect sensitive and identifiable data
With the numbers associated with data and the fines associated with privacy breaches both rising rapidly, Data Managers and Compliance Officers are rightly concerned.
At Facit, we understand data governance requirements and the risks organisations face if sensitive information is not removed or redacted.
Facit’s document redaction software provides reassurance to compliance professionals by locating data held in any format (e.g. email, spreadsheet, MS Word document) and not just redacting it, but completely removing the data. Therefore, there cannot be any accidental breaches of an individual’s data privacy.
Automation to remove data and sanitise documents
Facit’s redaction software automatically removes visible information from an electronic document. Our system also sanitises hidden information that can easily lead to inadvertent data breaches. Hidden information can include:
File metadata such as author, title, creation date and PDF version
Embedded files and images metadata
Annotations and comments
Hidden text layers
Scalable data privacy automation for 2023
At the end of 2022 we are witnessing more organisations investing in privacy technology and automation, as predicted by Invisibly, to embed best practice and avoid the risks associated with managing vast amounts of data. Facit’s privacy automation software is scalable and is designed to grow with your needs when data requests increase.
