Information governance, data privacy governance moving forward
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
There is something about information governance and data privacy governance that makes it seem hard to tame. One, the incessant increase of new trends in information technology. Regulation is playing catch up with advancement in technology. Second, personal data which is the new oil, will continue to generate various developments when it comes to how companies process data. Third, and most importantly, there is an increasing global awareness about how institutions, both public and private, use personal data.
2021 revealed that privacy regulations, whether it’s the EU General Data Protection Regulation or any privacy-related regulation, are beginning to grow sharp set of teeth. However, there is still the existing scepticism about the regulation from stakeholders about the implementation of some of the requirements. Complaints about the ambiguity of some aspects of this regulation and the heightened cost this presents to business remains a strongly mooted point.
In Q3, the fines levied against companies for violation of GDPR hit a colossal €1 billion. These fines would continue to increase as we welcome the new marriage of machine learning and artificial intelligence. The smarter these machines get, the closer regulation leans into business processes. Stakeholders have a key role to play to ensure their organisations avoid missteps in information governance and create a default system of respect for privacy.
There are other accompanying regulations like Privacy and Electrical Communication Regulation (PECR) that align with the purpose of protecting individuals’ freedom and from excessive communication by companies when it comes to marketing to individuals. What’s more, we will begin to see bespoke regulations created for the purpose of information that companies process.
Whether this is going to lay heavy burden at the feet of companies is not the major question. The implication of moving forward for any company in this modern era, like I have mentioned in numerous articles, is to maintain at least one standard within information governance and pay close attention to the people, process and technology. There is not going to be a change in the way that companies will be regulated with how they process information. Rather there would be a heavy leaning into institutions by regulators.
Regulators have a role to play too. In the past couple of months, there have been serious uproar from company stakeholders arguing that it seems that regulators want to stifle economies and entrepreneurial spirit by springing up various clauses aimed at the company. To stop such scepticism, regulators should liaise closely with various business stakeholders, study market trends and ask questions before pushing out new regulations. What’s more, regulators should guide companies in implementation of complex parts of the law by publishing white papers, blogs and maintaining an open line of communication with company stakeholders.
The main way forward is for all hands to be on deck in this rich information era. There is the need to create a holistic approach in how companies and regulators can better serve individuals while protecting their personal freedom and rights. To increase business revenue, serious companies would start looking into how new projects or processes can align with the ever expansive trend of regulations across the globe.