Humanising data

Source: pixabay

I’m fascinated by all things tech, a total geek when it comes to the law — I love design and business — but the thing I am most interested in and relentlessly curious about is people. How they behave in groups, individuals’ stories, desires, drives and motivations, clients’ needs, users of software’s frustrations, and the person behind who’s data it is.

See that’s the thing I most relate to about regulations like the General Data Protection Regulation (GDPR) — the person is put centre stage, the individuals’ rights brought to the fore. The regulation recognises that personal data has a value (for example to commercial models or indeed cyber criminals) or a cost (in time, in reputation, or monetary loss) if it’s misused or if the private becomes public.

So in Data Protection people are the hero of our story, which points the way to bringing dry regulation and complex subjects to life: through stories, case studies, visualisations and context.

Privacy and Human Rights: the inherent link

The right to privacy or private life is recognised as a universal human right in Europe, and Privacy by Design (a concept which first came from privacy expert Dr. Ann Cavoukian) means putting humans at the heart of the process or project.

Delivering Privacy is therefore about getting input on Data protection, security, risk from the outset of an initiative. The thinking here is similar to frameworks such as User-Centred Design which seek to find solutions to human problems (and also need to be aligned from the start of a project), which to me is what tech and data projects should be about: enabling and complementing human progress and our world.

The opposite of this is tech for its own sake — like an ‘AI project’ without the anchor of a business or data strategy, a software solution looking for a real world application after it’s built, a billion dollar app idea without real world customer testing. Having worked in this industry for well over a decade now, I have seen a lot of these types of initiatives and trust me, the wheels always come off.

How can you make people the hero of your Compliance programme or Data project?

Data governance matters; how can you do the really interesting stuff with your information as a business if the foundations of healthy, clean, quality, well managed data isn’t there? That takes the right people, tech, operations and importantly culture. But ‘governance’ and ‘compliance’ though exciting to many of us don’t typically resonate as a wider message in an organisation. And engagement with the message of Privacy or Compliance really matters because it is how it will become embedded in a business: dusty policies mean nothing if they are not put into practice.

Win the hearts as well as the minds

In my experience the best way to engage is through stories, giving context, making things visual: humanising the programme, the work.

Some practical tips to humanise data in your business…

Here’s my quick 4 on putting people at the centre of your approach to Privacy:

1. Case studies, semantics and stories: bring your training, awareness sessions and communication to life with video or written case studies which gives the context to Data Protection in language which connects with the audience. What would it mean if health data was leaked to an individual? Describe the pain of dealing with stolen identity or card details. Illustrate the importance of keeping children’s images safe
2. Create privacy champions in your business beyond the DPO office — who will be the voice of the customer or end user and consider the benefits and risks of the project? Can you measure what being a good personal data custodian means for your business? A privacy champion programme which connects to the overall strategy and/or cuts across departments can be very effective in large organisations, for example
3. Pictures and diagrams — use processes, hand drawings or software like Trace to help you make data residency visual by creating a map of your data and thus risks, gaps and issues more tangible. This is particularly useful for understanding where data is being processed globally when cloud vendors are used and what regulations apply. Sometimes a spreadsheet just won’t cut it
4. Remember risk, but make it interactive. Are you developing a new tool, moving to a new CRM or building a marketing/sales campaign which involves personal data? If so you should be using a Data Protection Impact Assessment (DPIA) to help you analyse and mitigate risks, but make it meaningful — move beyond this being a tick box exercise into a discussion on the risk and rewards of a project. So shift this exercise from form filling by an individual into something more discursive as a team.

Privacy by design doesn’t happen in isolation — it’s a team game — played by people, for people.

I am the Founder of Trace — we help organisations protect the business that matters with our visual, easy to use platform.

(This article first appeared on Linkedin)