There are some data protection laws that most people tend to overlook when it comes to big data and personal data. When starting a service that involves private data, there are some essential things you may want to know. This article lists some tips regarding big data.
Learn about Data Laws and Who Has to Comply
Regardless of the data size, the same rule still applies. The Data Protection Act 1998 contains eight data protection principles which must be adhered to by ‘data controllers’ who are processing ‘personal data’. Do not fall for the ‘non-personally-identifiable information’ tag which is trotted out sometimes. If you dig deep enough, chances are there’s ‘personal data’ as defined by the Data Protection Act. There might even be cases where a gadget’s IP address may fall into this category.
Even where personal data is not involved, keep in mind that ‘cookies’ consent and disclosure laws still apply, because they do not require the processing of personal data. Simply storing information on a device, or even accessing information from it, is enough to trigger cookie laws.
Be Careful when Using Service Providers or Operating as One
Most of the high-profile data breach cases in which companies have suffered substantial fines have involved mishaps by the data processors. Processors and controllers alike need clear due diligence procedures at the pre-contract stage, written contracts that accurately state their duties and liabilities, and even reach-through powers against sub-contractors.
Know the Key Data Law Obligations
As stated earlier, big data does not enjoy exemption from fundamental laws. That said, incorporate ‘privacy by design’ into your new data processes. So, if social media users have posted content regarding your services and you want to use it, do not proceed unless you are certain that your intention is lawful, the users are made aware of the action, the ‘fair processing’ laws are satisfied and consent has been given where the Data Protection Act requires it. For the latest on banking and big data, see the Capita ITPS blog; a lot of businesses should take heed of this information.
Normal Data Protection Laws Still Apply when Appending Personal Data Sets
Big data usually proves its value when data is re-used. An example would be combining a person’s social media posts with data sets that are hopefully already held by the same person.
Apart from ascertaining that this action is in line with the ‘fair and lawful processing’ rule, the ‘purpose limitation’ rule should be adhered to as well. This basically means that unless the purpose of the combined personal data sets (for example, complex analytics and profiling followed by targeted marketing) is compatible with that of the original data sets, further consent is likely to be required before it can be implemented.
Don’t Forget the ‘Organizational’ Aspect of the Obligation to ‘take proper organizational and technical security measures’
Most people overlook the organizational aspect of the seventh principle of the Data Protection Act. Compliance isn’t just a technical matter. Regardless of how complex a data security system or software, online or offline, may be, both big data and data law will be a huge risk if the internal systems and structures haven’t been properly developed, put into place and monitored in order to maximize personal data security.