- Big Data
- Case Studies
- IT Infra
- Digital Transformation
- Digital India
- Software Defined
- AI / ML / BOTS
- BPO/BPM/IT Services
- Enterprise Applications
GDPR is a regulation in Europe with teeth and has benefited the entire cycle of business transactions in the continent: Richard Hogg, Global GDPR Governance Evangelist, IBM
General Data Protection and Regulation act has taken effect in all the countries belonging to the European continent. Richard Hogg, Global GDPR Governance Evangelist, IBM discusses the importance of data protection and states that businesses find more benefit with containing lesser amounts of personalized data belonging to valuabale customers.
"GDPR is a regulation into Europe with teeth and has benifited the entire cycle of business transactions in the continent." Said Richard Hogg during an interview with BW CIO discussing the importance of the regulations around protection of data. Data is believed to be the new oil of the markets that are gradually transforming to the digital space. Apropos of the journey IBM states that it is crucial for organizations and businesses across the world to understand futuristic regulations like GDPR. Richard Hogg on his trip to Mumbai also spoke at the IBM Cloud and Data Summit 2018 regarding the importance of GDPR readiness and the importance of data governance.
- What is the importance of data governance? How important is it in India?
I think the bigger part of the answer lies in the importance of data governance not just in India but wherever you are. Whatever country and jurisdiction there are always regulations which may very from a few to a multiple. Regulations that define simplistically information governance bigger than data governance, but focused on all information. These bodies oversee the time period for which the data is kept with an organization and the purpose behind storing the data. Some countries have a rule that regulations cannot be entirely digitized and are still on paper and there may be rules stating that certain information must remain inside a country. If you operate in multiple countries all these principles overlap and compete and get often confusing. Hence, that is where you get legal and compliance teams involved that will help to regulate the middle ground that works best for the business driven by both risk and economic perspectives.
The ideal with GDPR (General Data Protection Regulation) is that it is standardizing the privacy and security regulations of all 28 countries in Europe. The countries today in Europe have different levels of privacy and data regulations like we do India but it makes it more standardized them to make it a level plain field which is easy enough for anyone operating in multiple countries in Europe. There already are regulations in India, types of information are used in order to access public data. But with GDPR we can access personal data.
- Could you elaborate more on the services provided by IBM that cover data governance as a complete solution?
We believe that we have the most comprehensive technology solutions with an our clients that go through the GDPR journey and some clients have been with us 4 years on that journey while some have been more heavily regulated in terms of financial services and insurance. We have worked with large clients across the world where they have complete end to end solutions and everything was outsourced from IBM. We were also involved in the non-technical part of it focusing on people, policies and process compliance changes. Other clients tend yo pick and choose where they have a particular roadblock or gap and they would only prefer fixing problems related to data catalog, mapping, trafficking or even mediation. We've got building blocks all over our solutions where clients can pick and choose which services they need or purchase the end to end solutions. IBM is running its own global program to make IBM GDPR compliant and we are drinking the same champagne. We use the same solutions for our clients that are practiced at IBM. I am part of the internal process as well and we made a public commitment to readiness with ibm.com/gdpr which was out last year as a market commitment to our partners. IBM has also made public its own e-book defining the steps they took in their journey.
- How would you define IBM's product and services to be unique from its competitors?
IBM has a complete set of solutions compared to all the other competitors in the market. There are lots of other peace meal price products but they are generally stand alone and not integrated. What you're trying to do with GDPR or any major regulation is have a comprehensive approach that lets you optimize and accelerate everything you're doing. We have invested in from last year has been adding in accelerators at every step in the journey and we've got a well defined 5 phased methodology in the GDPR journey. Many of these accelerators are focused around machine learning, for e.g. if you're trying to discover personal data, its hard to do with many of the tools out there today and especially if the data consists of phone numbers, bank account numbers, passport numbers or even credit card numbers. Those are well defined patterns where many tools can find them but it would sum up to only 5% of the whole lot. Hence we have invested in machine learning to train it up on extended set of what is European data and in other languages. Which means you can immediately plug in this discovery accelerator device up and get access to real data. New information can always be timed and cataloged.
- How has IBM's journey shaped with respect to GDPR?
GDPR has everyone's attention in the world whether it is related to European employee or customer data because it has large financial penalties. It is not the first regulation because we have had this in Europe since 20 years, Asia-Pacific has these regulations for multiple years including Singapore, Hong Kong (PDPA 2012 Act), Australia and Japan. GDPR is the first with real large financial penalties which resulted in a risk assesment we conducted and chose to embrace GDPR and follow these regulations globally. We have followed the guidelines with respect to GDPR across 100,000 of our employees, 47 distinct business units and we operate in over 200 countries. This is one of the biggest GDPR programs for GDPR readiness where we are using our 5 step methodology with our clients. These common steps for GDPR readiness where the first step is assessment which helps in figuring out the regulations for anyone who doesn't know where to start. The risk privacy impact assessment distinguishes the 3 main slices of the pie. Compliance which elaborates People, Policy, Process and Education, technical organizational methods followed by an organization, the maturity value of the company. Encryption, access control monitoring, rights of accessing information and constructive plan of action to overcome problems like data breach known as incident breach readiness reporting. The third major slice of the pie is personal data where GDPR Speak can access personal information and identify individuals as a living person in Europe. We need to know where the personal data is and where our client's data is and protect it's life and be able to document how that information is used. We at IBM have a 6 legal basis of processing procedures which includes the right to correct data, right to inquire, right to erase data and the right to data portability and provide it to the client after the term of the business is concluded.
- How is a governance offerings evangelist adding value to the organization in a segment like GDPR?
- What is the topic you have spoken about at the IBM Cloud & Data Summit 2018?
- How is India fairing in terms of data governance policies and guidelines?
- Where would you see data governance in the future? How much of an impact is it going to make?
- What are the industry segments that IBM is working with, especially in the Indian market?
- What does the IBM study that was launched around GDPR specify? What is the key takeaway from the study you have co-authored?