Petya Petrova - Fotolia
As the General Data Protection Regulation (GDPR) date draws nearer, complying with the upcoming law can open new doors for organisations to transform their business analytics.
GDPR, which comes into force on 25 May 2018, aims to ensure better transparency and accountability over the data organisations keep on consumers.
Non-compliers could face fines of up to €20m or 4% of their annual turnover, and IDC predicts 40% of firms will not have the adequate tools and procedures in place in time for the deadline.
Speaking at a recent conference in London, IDC vice-president Philip Carnelley discussed how GDPR could drive improvements in data analytics.
“The more you use analytics, the more data you’re getting on people – on your operations, customers and partners – and you have to be sure you’re doing that in a legal and ethical way. That’s always been true, but GDPR brings it into a much sharper focus,” he said.
“Everybody’s got to get their house in order. They have to understand the data that they’ve got and how it all fits together.”
Once their house is in order, businesses then have an opportunity to exploit their analytics capabilities, said Carnelley. Organisations can use compliance as a foundation as they look to transform their business analytics. Business need to consider strategies such as new data types if they want to “turn information into a competitive advantage”.
Read more about GDPR
- Only 5% of charities are ready for GDPR, survey finds.
- The Department for Work and Pensions will reportedly spend almost £15m to prepare for GDPR.
- Cyber criminals could use GDPR fines to their advantage during ransomware attacks.
This view is reflected across the industry. Microsoft’s director of corporate external and legal affairs, Hugh Milward, said in a blog post that GDPR “offers firms the opportunity to transform their company and change the way they work to become a data-driven business and thrive in a cloud-first world”.
Carnelley said it made sense to use cloud for analytics processing because of the increasing number of systems off-premise. “You have access to large-scale power for processing if you’ve got data in Amazon, Google or Azure clouds, because it’s very scalable and powerful – and you’ve got access to all these datasets.”
However, he warned that moving analytics into the cloud might lead to issues with where a company holds its data, particularly for large organisations operating in different countries. “It might be that the countries have different regulations about what can and can’t be moved from one country to another,” said Carnelley.
Exploiting GDPR-compliant data analytics
One example of where data analytics can be used is in the collection of new data, such as internet of things (IoT) data from devices, which can be used by a company to get a better understanding of its customers.
“If you’re trying to build new business models, you need to be able to deal with more than just the data in your ERP [enterprise resource planning] system and the financial transaction system. You might want information on your customers, which you might be able to get from the internet or their buying patterns.”
As previously reported by Computer Weekly, tyre manufacturer Pirelli uses sensors to measure how its truck tyres are performing, and health insurer Vitality offers discounts for smart devices such as Amazon Alexa but uses its data to track user fitness.
Artificial intelligence in business analytics
Artificial intelligence (AI) can also be applied in business analytics. Carnelley said AI could quickly identify data patterns and improve customer interaction.
“You can use AI to help people if they have questions,” he said. “It can look at a knowledge base and answer the questions through its knowledge of ‘the last time someone asked this, this is the answer we had’.”
But businesses will clearly need to be GDPR-compliant, which demands accountability over data. Carnelley said AI could create issues if it was not implemented ethically.
“In your organisation, if you’re using AI, you have to think about: ‘What does this mean for us as an organisation ethically? What will it mean to us in terms of risk and compliance?’ AI doesn’t really change any risk, but it magnifies it with bias in algorithms, for instance.”
The House of Lords published a report on 16 April 2018, with recommendations as the technology develops, including the removal of unconscious bias, more clarity with the public over AI decisions which affect them, and more investment in AI and machine learning PhDs.
Treat your data as a revenue earner
With GDPR compliance, businesses can be in a far better position to assess how they can monetise the customer data they collect. As an example, Carnelley said a telecoms company could use mobile phone signals to track people walking around a shopping centre.
Such data can be used for retail footfall analysis to understand the demographics of people walking past their shops. Stores in the shopping centre could buy this telco data to get a better understanding of which merchandise to display at the storefront.
“What we see at the moment is people building information into services they offer,” said Carnelley. “They’re not selling the data per se, but I think that’s going to come. People will be looking at data exchanges more and more.”