Now that the new European privacy legislation (GDPR) has come into force, organisations need to be widely accountable for their use of personal data. This has caused organisations a real headache, particularly those that use hundreds or even thousands of different data sources and systems. TNO is keen on using semantic technology to make procedures related to the GDPR smarter and in the process create a basis for data-driven innovations.
Organisations that timely met the new privacy rules can look back on their efforts with satisfaction, say Linda Oosterheert and Wouter van den Berg, both data exchange advisors at TNO. Oosterheert: “But they cannot just sit back and relax.. On the contrary, as soon as they introduce new systems or files and amend existing systems or files, they again have to explain what data they are collecting and how they handle that. They must be able to do this continually, even if they introduce no updates and make no changes. The GDPR, or General Data Protection Regulation in full, therefore continues to require attention.”
And not just attention. Accountability yields a considerable amount of work and this in turn entails more costs. Van den Berg: “The GDPR stipulates that every person must be able to inspect, adjust or delete all the data collected on him or her. If an organisation wants to comply, its first step is to gain an overview of all the personal data it stores.”
Hundreds, thousands of sources
This often poses particular problems for organisations that have large numbers of systems and files. For example, telecom providers may have hundreds or even thousands of data sources on highly diverse subjects. Oosterheert: “In any event, it is difficult to keep an overview. And if these systems or files were designed for different purposes and use a different language, it really makes it difficult to build a coherent picture.”
“An example? Two employment agencies that have just merged. One thing is certain: the systems that must be merged are incompatible.”
Van den Berg: “We regularly encounter situations like these. An example? Two employment agencies that have just merged. You definitely know one thing: the systems that must be merged are incompatible for sure. Do they use the same definition of a temporary employee, do they use the same contracts? Just try building a comprehensive picture when these organisations have just been put together. In practice, a great deal of manual work is often involved.”
Nevertheless, that comprehensive view is essential to fulfilling the requirements of the GDPR. Oosterheert: “Semantic technology is particularly well suited to gaining and maintaining the comprehensive view. This technology ensures that data sources understand one another by taking into account the meaning and context of concepts. We assist this process mainly by capturing and organising metadata, data about the data collected by an organisation. This allows us to connect the various sources in a meaningful way.”
“Semantic technology ensures that data sources understand one another by taking into account the meaning and context of concepts.”
Answering questions posed by the GDPR
Once this has been done, the organisation can combine the knowledge held in the data sources and use them to answer questions. Van den Berg: “Imagine questions you are likely to get in the context of the GDPR. These concern the personal data that an organisation has collected, such as with whom you are sharing this data, and whether the person to whom these data relate has given consent to share them with others. If you use semantic technology, the computer takes charge of providing the answer quickly, properly and simply.”
“It pays to invest in an automated system that can take over the manual work quickly and efficiently”
That sounds great, but is it not a little late in the day for Oosterheert and Van den Berg to be suggesting this? The GDPR has been in force since late May and organisations need to have things sorted by now. Van den Berg: “That is right, but these organisations should also realise that this work keeps on coming back. That is why it pays to invest in an automated system that can take over the manual work quickly and efficiently. It does not involve adapting existing systems, your data management becomes much simpler and you can access all your data from a central access point.”
Semantic technology has other applications too, it can provide the basis for data-driven innovations, says Oosterheert: “You can use it to link data that could not be linked before. This often leads to surprising insights. We have seen this in practice, when we connected dairy farmers to one another or when we connected employment agencies, or smart devices. The farmers share data and can now feed their cows more purposefully. The devices work together more efficiently. These possibilities were not self-evident and a person does not simply discover them. But with semantic technology we managed to do this.”
TNO is happy to advise you
Would you like to know how semantic technology can help your organisation to meet the requirements of the GDPR and to demonstrate compliance? Would you like to apply this technology when using your business data strategically? TNO is happy to advise you from an independent and future-oriented perspective. Get in touch with Linda Oosterheert.