The EU’s new General Data Protection Regulation comes into effect on May 25, 2018. The preliminary draft of the complete revision of the Federal Act on Data Protection (FADP) has already been published. In both cases, compliance duties and sanctions for non-compliance will be increased. From a technical vantage point, Knowledge Management not only increases innovation, but is also useful in meeting the regulatory duties and minimizing risk. How do you combine the unpleasant with the useful?

Datenschutz symbolbild 384

A Knowledge Management system that provides an overview of aggregate data and its content streamlines compliance with data protection regulation. Data referring to a person is identified more quickly and classified into the appropriate category; for example, relevancy to the business. Not only is the duty of disclosure met more easily, but corrections and deletions are easier to execute. Private and confidential data unintentionally entering business infrastructure through various ways can be identified and will be disposed of as though it were toxic waste.

Identity Management will be a key factor alongside Knowledge Management. It is the basis of pseudonymization and Privacy by Design. State-of-the-art identification uses surnames or email addresses containing name components. If they are linked to relevancy to the business data, deletion is difficult or even impossible. In practice, there are countless authentication mechanisms besides Single-Sign-On (SSO) that all too quickly become challenging to manage.

At the SwissHoldings event ‘Datenwirtschaft, Datenpolitik, Daten­regulierung’ on January 30, 2017, three panels comprising corporate and government representatives discussed future data protection regulation. The audience heard numerous controversial statements. This is common at this stage of a legislative project. We agree that innovation must not be impeded. However, in view of the steep sanctions and obligations to combine data, we are concerned because that is what Big Data and Machine Learning is all about. The resulting innovation is difficult to grasp through conventional patterns of thought. That informational self-determination will be valued more highly is to be welcomed. Hopefully, it will be possible to integrate some intelligent ideas before passage of the bill, so that it’s not just a simple increase of duties and steeper sanctions.

Complete Revision of the Federal Data Protection Act

The complete revision's draft of the Federal Data Protection Act is currently in political consultation. Data Protection is to be increased by giving people more control over their private data as well as reinforcing transparancy regarding the handling of confidential data.

Links: draft, report

Eurospider Information Technology AG
Schaffhauserstrasse 18
8006 Zürich