GDPR - General Data Protection Requirement - Information Governance Perspectives

Third in a series of interviews with leaders in the fields of Risk, Compliance and Information Governance across the globe.


IMG_992_kff_400x400

Dr. Ulrich Kampffmeyer is the Managing Director of Project Consult in Hamburg, Germany and a renowned expert on digital transformations, business intelligence and enterprise content management. I had the opportunity to sit down with him in May and discuss the GDPR, artificial intelligence and social issues emerging from the dense, digital fog we all find ourselves in.

Ulrich, you write and teach extensively about the cultural and social changes in work environments that are a direct result of the emergence of digital transformations. Now that data is at the fingertips of everyone…

What changes should society expect that the business world may have already?

The pace of digital transformation accelerates day by day. Cloud technologies, artificial intelligence, IoT and other developments are happening so fast that there is a danger they’ll get out of control. The mightier AI becomes the larger the danger that it gets uncontrollable.

Consider Soshana Zuboff (one of the first tenured women at Harvard Business School) and her three laws:

  1. Everything that can be automated will be automated.
  2. Everything that can be informated will be informated.
  3. Every digital application that can be used for surveillance and control will be used for surveillance and control.

Neither our businesses or society are currently prepared for this change. Just have a look at the GDPR discussions. Data protection as general necessity, data safety as the requirement for continuity, data privacy by default, information governance to keep control, keep the value, keep information accessible – these are basic requirements that should not be ignored like in the past. Future historians will call our era the dark age of the early information society.

You spent quite a bit of time at the Fraunhofer Institute developing imaging systems and processes to support archaeological studies. Given that images provide so much of the fuel for artificial intelligence engines…

Do you envision some of our older legacy systems and indexes ever providing value to future AI efforts?

In the mid-80’s I worked on pattern recognition, image processing, database systems and expert systems for archaeologists and prehistorians. Too early. Today, taking a computer, drones and sensor systems to an excavation is standard. The capabilities of software, hardware and self-learning algorithms are far more sophisticated than in those days. But lets consider so-called old fashioned methods of organizing information. You mentioned the terms “legacy” and “indexes.” Metadata is not legacy. It is a question of quality, control and governance. Controlled metadata, vocabularies and taxonomies are of special value to big data analytics, artificial intelligence and machine learning. Controlled data sets work as guide poles to train new technologies with high quality information. This is important for automated indexing when capturing information, when sharpening enterprise search for qualified results, and managing your repositories in regard to compliance requirements. Especially when it comes to compliance, straightly organized high quality information is an asset. But AI will change the game as well in the near future. Currently classification schemes and file plans are developed manually by academic rules. In the future software will analyse all information and organize itself by protection guidelines, user models, processes, value, retention.

This series of interviews with global leaders in information governance, risk and compliance seeks to find common values and themes in these disciplines across disparate cultures. I know that you are major advocate of standardization.

Are there one or two common threads that run between all of the projects and people you’ve worked with that you also believe should be universal aims?

Standardization is a necessity. Everywhere. We do it with our language, our terms, our grammar to enable understanding. We do it with hardware so that it supports interfaces and operating systems. We do it with software so that it can interact with other software and systems. We do this with the retention rules for documents in our records management systems. Standardization is everywhere – that’s no question. The real question is, what has to be standardized and for which purpose? And is standardization something to prohibit innovation? And is standardization in regard to streamlining and controlling in opposition to the culture of a group of people or an organization? The larger and more distributed an organization is, the harder is the job of implementation of change and change culture. Old behavior, language barriers, time zones, cultural differences can sometimes make common values hard to define. Processes to keep values and make businesses run smoothly need, as well, a kind of standardization. This might all change in the future with artificial intelligence. Less work for humans mean that human-driven use models and respect for human work will decrease. This is a major challenge, because people often define their status by their work. So this is a common thread in all projects, who is to re-define processes, keep workers involved, try to help them overcome their fears of loosing their jobs, and be responsible for implanting a new mind set for a new type of work environment. With AI looming ahead, we even have to define what work is. Man is no longer the scale, the ruler, the canon.

In being at the forefront of Enterprise Content Management and systems design, you must have learned many lessons about development. And we live in a far more regulated environment then existed 30 years ago. Our challenges today intersect with privacy and security.

What are the types of risks and concerns you believe developers of content management systems should be thinking about when building the next Documentum, Sharepoint, Alfresco or Relativity?

There is no future for old dinosaur architectures and big enterprise solutions. Modern solutions have to care for every type and technical format of information available. The basic strategy for products is automation. Not only to get rid of human work and to speed it up, but to improve quality control and establish new areas of business opportunity. Integration is still a major issue. We are no longer talking about traditional records management systems for records managers but about the integration of ECM functionality into other software. Interfacing is crucial. And like the world of mobile apps we will see services come up which integrate and configure automatically into other environments. Complex systems will be only manageable by AI based administration software. So not only end user relevant processes will be transformed but also the configuration, administration and management of these solutions. The IT services concept will make sure that ECM functionality is available in the same way as SaaS, PaaS, and on-premise. A major change will be that end users no longer see an ECM client because the functionality is integrated into the standard desktop environment. ECM looses visibility on the desktop and becomes standard infrastructure. All of these developments change the paradigm of the traditional ECM software architecture and functionality, require new dev-ops, new development tools, listening to the user, faster testing and roll-out, easier configuration, pre-configured business solutions, and easy to use end user interfaces. A big challenge for all companies developing ECM software.

There’s been a lot of noise around GDRP, specifically the “right to be forgotten” and stringent privacy and data retention safeguards, but we haven’t seen much intellectual discussion around the greater social benefits the law intends to support.

How do you see this “return to privacy” improving society when it seems that much of the younger generation not only dismiss the value of privacy, but as Simon Sinek has noted, see themselves through the lens of the over-sharing Social Media community?

The GDPR has been in place for 2 years and is only now being enforced. It is not a return to privacy. Privacy requirements and regulations always have been here. But nobody really cared. We were careless with information and information sharing. And now we are complaining that internet giants are using our data. The new quality of the GDPR is twofold: on one hand it is for all of Europe and organizations dealing with European personal data and transacting business in Europe. So GDPR intends to become a worldwide standard. On the other hand it threatens high fines for infringement. This is a tool for enforcement we missed in the past and that’s why everybody started to care about GDPR. But the other side – small businesses, associations, photographers, and others may come under threat of the GDPR. Where big companies can hire more lawyers and establish a data protection regiment, small business are overwhelmed by bureaucracy. Information Management software is a necessary tool for larger companies to manage all data as defined by GDPR. They need the equivalent of a data map, identify what information is stored and it’s quality, value and legal character and how it is processed. Smaller business struggle with these requirements by their size, larger business by the complexity and the sheer amount of data involved.

The social communities have a different view on the GDPR requirements. On the one hand they have to care more about privacy. They must be able to deliver reports where they store data and what they do with it. On the other hand the GDPR strengthens them because small forums, blogs, communities, groups and business give up on being in compliance and move their communities to Facebook, Google+, LinkedIn or somewhere else. Communities like Facebook even use the necessary declaration of agreement to implement new technology like face recognition, which inflicts directly with privacy.

Privacy by design, privacy by default will be major concepts of the future information society. But in reality people choose the lazy options and we don’t invest serious efforts into the future of our information society. We obviously leave this to science fiction authors and films, to CEOs of internet companies, and to populist politicians. Privacy is not only about rights but as well about obligations. These obligations tangle not only companies and public administrations. They apply to everybody of us, you and me. Everybody has to take care about his own data and to respect the data privacy of all others. We cannot claim any right of being forgotten when we actively upload our directory of addresses to a social platform. In my opinion data privacy and privacy rights is primarily a task for education which has to start even before school. It is a task for developing a mindset about the value and the risks of information. Data Privacy has to start in our heads.

Predictive coding was introduced almost two decades ago and while the technology has advanced greatly, the barrier to adoption is still cost and complexity.

Will advances an artificial intelligence and machine learning help make these tools more affordable and accessible to smaller firms?

First of all – we crossed a magic border of AI recently. AI is now not only self-learning and self-optimizing, but like in evolution… self-replication and self-expanding. An example is the “Neural Network Quine.” AI software is programming AI software and AI software is managing AI environments controlled by AI administration tools. Machine learning will be a standard in this new virtual world. This AI is different from our perception of intelligence. It goes its own ways, inventing different methods, becoming more and more intransparent to the human perception and intellect. It is here, waiting around the corner. We see a big war being fought by Amazon, Apple, Microsoft, Google, IBM and many others for the leadership role in artificial intelligence.

Today, AI is even free for end users or comes with consumer products . The longer it learns the more sophisticated it will become. And AI will become part of every piece of software. The future of IoT with billions of devices will only be manageable by AI. So it is a matter of course that AI will become part of information management software. It will be part of every cloud offering and it will reach smaller firms. The only delaying factor is legacy software, legacy management, legacy behavior, legacy business models. The overlapping, entailing, reverse-causing, accelerating innovation processes will encompass everybody. This is why I mentioned earlier, that our old ideas of an information driven society with well informed citizens having control about information and machines will become overturned by dystopian models of a science fiction nature. Predictive analytics with artificial intelligence will play a major role in our fight to keep control, because software and systems will anticipate what we will be doing better. Complete industries will change. First those, who deal with information only, like banks or insurances. Then manufacturing and others will follows.

Based on your many years of experience as a practitioner lecture and consultant…

What sage advice can you offer to a young person just entering the field of information management and information technology?

Well, education on information management is lagging behind the technology and information revolution. Learn to think by yourself, learn languages, learn how to communicate, learn methodologies, learn philosophy, learn to adopt change, learn to not stop learning throughout your life! Study something which is of real interest to you, what you really love, which gives you intellectual satisfaction.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.