What can AI do for GDPR?


Guest post by Dr. Sean Blanchflower, Head of R&D, Micro Focus IDOL

Dripping in sweat as I ease out of a marathon session at the gym, I often spy the oh so helpful poster, "no pain, no gain." But when applying this tenet to the now-pervasive General Data Protection Regulations (universally referred to as GDPR) we've certainly had the pain, so when do we get the gain? As employers, we've been bound by strict processes governing pretty much every one of our databases that we've needed to follow simply to retain our hard-earned lists of customers; and as customers we've been engulfed by increasingly frantic communications from companies that we bought a bunch of flowers from three years ago, working the full horizon of emotions from Denial ("just to let you know") and Anger ("don't send us to jail"), through Bargaining ("stay in touch and win a drinks voucher!") and Depression ("please don't go..."), to the eventual Acceptance ("it's goodbye").

So as customers we are - perhaps - through the worst, able to sleep relatively soundly knowing that regulators everywhere are safeguarding our private information, but as employers the difficulties are just beginning. The regulations apply indefinitely to all Personally-Identifiable Information (PII) held on citizens of the European Union and European Economic Area, so the pain is evidently just beginning. A Netsparker survey of 300 C-level executives claimed that only two percent of companies had reached full compliance by the time the regulations took effect in May. So what next?

Fortunately, the database and records management industry has jumped to offer governance and compliance products, poised to meet requirements across any company's suite of databases or records systems. However, this only answers a portion of the problem; making a customer database compliant is a key first step, but the regulations apply to all PII, in whatever form it appears. How about a passport number sent in an email? Or a comment about a user's medical condition posted on the customer forum on the website? Or even a photo of a driving license received as part of a transaction? How to deal with those?

At Micro Focus, our approach has been to use the capabilities of IDOL, the industry-leading AI engine that uses Bayesian theory and machine learning to find patterns and perform analytics on all types of documents. To IDOL, a piece of PII is simply a pattern to be recognized across the 31 countries and 26 languages of the EEA, whether it's a postal address in Malta, a kennitala ID number in Iceland, or discussion of medical treatment in Romanian. Its contextual learning solves the problem of ensuring that a benign 8-digit number isn't blithely identified as a passport number, and its linguistic modules address the need to find the name of a Bulgarian individual regardless of whether it's given in Cyrillic or transliterated into the Roman alphabet. Sourced from government documents and constantly updated with new training and patterns, the GDPR module simply aims to meet the requirements to know where a company's PII is located and to help take action once it is.

Now if only it could help me through that final mile at the gym…

About the Author
The IMG Guest Blog account is a collection of authors from various roles within the MF IMG business unit. Authors have expertise in the Information Management and Governance field and provide valuable insights into how to use our products as well as market insight.