There is a growing awareness of consumers to the value and misuse of their personal data. This in part led to the development of the GDPR in Europe, and KPMG head of Intelligent Automation Natalie Semmes says it is a case of when, and not whether, the US will also bring in a new data regulation act of its own.
Audit, tax and advisory services firm KPMG has partnered with enterprise low code company Appian to help companies meet worldwide data legislation and adapt to changes and updates.
Semmes says building solutions to privacy in a sustainable way can even drive innovation and growth, instead of merely ticking boxes.
The explosion of privacy awareness
“Over the years there have been many different forms of data protection around the world,” says Semmes. “Really, the GDPR which came into effect in May this year took a massive step forward to redress the balance of privacy for consumers.”
“Right now there are too many people who have unwittingly given their data to a whole bunch of digital providers on the web. Suddenly people are realising that, hey, I just played a game on Facebook and now suddenly this is being used to change election results.”
GDPR created a lot of spreadsheets
In the EU, says Semmes, privacy is a human right and not just a matter of legislation. This is at the core of what the EU stands for.
KPMG has 450 privacy experts around the world, specialising in every jurisdiction across China, the US and the EU. In the EU, KPMG has been helping businesses to understand the impact of the GDPR on their organisation.
“There was a huge amount of work that happened until 25th of May this year where they had to demonstrate a certain level of compliance,” says Semmes.
“But what’s happened is that because everyone was in a rush to hit this deadline, they did it in a way that was largely manual. They created spreadsheets of inventories where this data sits. But there’s no way to keep it up to date,”
Semmes described one company who had 5,000 spreadsheets and no repository.
“they just floated around on emails,” she said.
The impact of data and its regulation
The “cheap and cheerful” spreadsheet approach might have provided an immediate solution, but these new regulations also require businesses to keep up to date with their privacy risks.
At the same time, every company is also changing in order to stay competitive.
“In doing that, you’re introducing more personal data. The data being stored may just be shoe size, it may be something innocuous, but you have to assess the risk. And what data are you giving suppliers? That has to be kept track of,” says Semmes.
Companies that fail to take proper care of customer data risk huge financial consequences. The impact of the British Airways data breach reported in October was a drop of 40% in BA’s share price.
“That was a reflection of a huge loss of consumer trust and confidence. Most companies now are teetering on thin ice and they need something more sustainable,” says Semmes.
Privacy by design: Compliance and innovation
Semmes says the aim is to be compliant but drive innovation too.
KPMG has built six apps that sit on the Appian platform and help businesses to work towards that goal. These apps include an inventory of personal data, a master record that is saved on Appian, and also an app for privacy impact assessments.
Appian is used because its flowcharts are easy to update. They can be improved according to a company’s needs, growth and the requirements of data privacy laws as they are refined or updated.
Privacy impact assessments are integrated into clients’ change initiative portfolios, automatically checking on privacy impact when projects are starting. All the necessary checks are made to avoid data being hacked or “whatever else might happen”, Semmes says. The company can even check whether it should be holding that data at all, or if it is supposed to be deleted after a certain time.
“All these decisions have to be made up front and that’s called privacy by design,” says Semmes.