AI Help Companies With GDPR Compliance

The basis of GDPR is the privacy of data for citizens and consumers of EU countries and the methods needed to track and enforce GDPR will need to have intelligent methods to process the large amount of data that will need to be sorted to identify GDPR compliance or non-compliance. According to Dr. Shane Archiquette, CTO – Global Communications, Media & Entertainment, Global Markets and Technology Architecture, Hitachi Vantara , AI-assisted auditing will most likely be the method used to look for patterns across multiple disparate datasets that businesses will need to produce and process. In addition, AI will provide a composable method to machine-learn new areas that are identified by GDPR legal precedence as new cases are opened and closed.

According to a recent report, European Union Institute researchers created AI-enabled software to scrutinize the privacy policies of 14 major technology companies for violations of the new GDPR. They found that 1/3 rd of the clauses contained “insufficient information,” with 11% of the policies’ sentences using “unclear language.” Among the companies examined were Amazon, Alphabet, and Facebook. The researchers did not reveal the company's names which were in violation.

The AI software found that policies that did not identify 3rd parties a company might share personal data with, policies that stated users would be deemed to have agreed to a plan by using vague and confusing language. The findings of the research were very concerning and urged EU regulators look into the matter. AI can be used to keep companies in check and ensure people’s rights are respected. This would help EU data privacy regulators to monitor a vast number of businesses and to start legal action against those who break the law.

In response, a Google spokesperson said in a statement that “the firm has updated its privacy policy and uses clear and plain language,” and an Amazon spokesperson stated, “its policies are compliant with GDPR.”  The researchers said the 14 companies were chosen because they manage the dominant platforms in Europe and “should be setting a good example for the market to follow.”

Challenges Indian Companies face while Deploying GDPR

"Indian companies will have a challenge in understanding and executing the intricacies of the GDPR act as there are differences in data retention and privacy laws in India compared to EU and how those laws are enforced within India. However, Indian companies will have the ability to leverage their advancements in AI to build compliance checks and assurance as the GDPR law becomes more defined towards Indian company entities, "said Archiquette.

Another challenge for Indian companies with GDPR is knowing where all the user data is being stored. Data doesn't exist in a controlled environment. There are many locations where user data can be stored and we may not know where all the data is.

Archiquette concluded by saying that the solution for AI towards GDPR is a structure that has the blueprint of GDPR information handling and processing created digitally with ‘sensors’ that can identify and alert on potential non-compliance, a sort of GDPR-AI driven ‘watchdog’ software of sorts. This solution would provide a company a real-time resource and dashboard to show compliance levels and warnings/alerts of non-compliance.