Europe’s new data protection laws might have been over a decade in the making but it would take about as long again to read every piece of advice that’s since been produced on how to comply. In search of some simple answers to a typically complex piece of European legislation, I asked a few legal experts on their thoughts.
With 13 months to go before the compliance deadline, organisations across the country will be scrabbling to ensure they’re not one of the unlucky ones caught out in the months following 25 May.
Start with the Data
Most experts I spoke to were in agreement that firms need to start by mapping their data – after all, you’ve got to know where it is and what you do with it first before working out how to keep it safe.
“For those that are compliant with existing laws, GDPR is going to be an evolution. For the others, it’s going to be a deep, radical change. In general, I think that every organisation should be working on assessing their current practices in light of GDPR,” Forrester analyst Enza Iannopollo told me.
“My advice is, regardless of the kind of support an organisation chooses, it must put together a team of internal people – hopefully the privacy team – and make sure that that team leads the work. Compliance with GDPR is not a one-off effort, but an ongoing process that has to be ingrained in firms’ business model,” she said.
Change the culture
That cultural change might be the hardest thing for organisations to achieve, although a good start is hiring a Data Protection Officer (DPO) – one of the key requirements of the GDPR. Another is the privacy impact assessment, which PwC’s US privacy lead, Jay Cline, recommends as a key stage once you’ve completed a data inventory.
“Data protection impact assessments (DPIAs) are the eyes and ears of the privacy office throughout the company,” he told me by email. “DPIAs are how chief privacy officers enlist the help of the whole company to keep their privacy controls current with all the change going on in the company.”
For Alexandra Leonidou, Senior Associate at Foot Anstey, there’ll be a key role for non-IT functions inside the organisation.
“Who needs to know about the GDPR? Who are the key stakeholders? This isn’t just something for IT, information security teams or data officers. Boards should be aware of the risks, and HR teams need to think about employee data. Getting GDPR compliance right will be critical for marketing and communications teams’ activity,” she told me.
“You will need to engage key stakeholders and implement measures that leave you with an acceptable level of commercial risk.”
Leonidou was also keen to stress the need for independence in the DPO role.
“Guidance from Europe suggests that this role is likely to be incompatible with certain existing C-suite executives,” she explained. “The awareness-raising that follows on from the allocation of accountability will be an ongoing process.”
For those still in the dark, some useful free resources include the Article 29 Working Party and our very own Information Commissioner’s Office. It’s also expected that even post-May 25, the regulators will give firms a little bedding in time before they start going after some high profile offenders.
Sci-fi writers have been warning us about the coming of the singularity for a decade now. And while we’re some years away from having to contemplate such a future, AI, machine learning, big data and other technologies are developing at a pace which is already beginning to impact the global workforce.
I chatted to some experts on the subject for an upcoming feature to find out whether CIOs should be terrified or enthused by the prospect of robot workers.
The truth is that they’re already here, in many heavy industries like tech manufacturing. In May this year a local government official in the Chinese district of Kunshan announced contract manufacturing giant Foxconn was reducing “employee strength” from 110,000 to 50,000 workers, because of investments in robots. But what about when they spread into other industries? As far back as 2014, Gartner was predicting that as many as one in three jobs will be “converted to software, robots and smart machines by 2025” as software advances mean technology systems begin to replace cognitive tasks as well as factory jobs.
Meanwhile, a report from the Bank of England last year estimated up to 15 million UK jobs could be at risk of automation in the future. And a Deloitte/Oxford University study in January claimed 35% of today’s jobs have a “high chance” of being automated in the next 10-20 years.
For IHS Markit analyst, Wilmer Zhou, the coming robot hordes represent both a challenge and an opportunity to employers. Aside from manufacturing, he picked out several industries where jobs are potentially most at risk, including agriculture, logistics, and specialist domestic care. Most surprising for me was healthcare.
“It’s one of the industries with relatively high robot deployment such as surgical robots,” he told me via email. “IHS forecasts that robots in the medical industry will be one of the fastest growth sectors, with the decreasing of the average sale price of surgical robots and expansion of medical operation tasks.”
For CIOs looking to maximise the potential offered by these new automated workers, it will be important to create trust in the bots, argued Forrester principal analyst, Craig Le Clair.
“Cognitive systems can end up learning undesirable behavior from a weak training script or a bad customer experience. So build ‘airbags’ into the process,” he told me.
“Assess the level of trust required for your customer to release their financial details. Get compliance and legal colleagues on board as early as possible. Cognitive applications affect compliance in positive and negative ways. Be prepared to leverage the machines ability to explain recommendations in an understandable manner.”
Also important is to foster human and machine collaboration wherever possible, to reduce friction between the two.
“Rethink talent acquisition and your workplace vision,” Le Clair explained. “Some 78% of automation technologists foresee a mismatch of skill sets between today’s workers and the human/machine future, with the largest gaps in data, analytics, and cognitive skills.”
The bottom line is that robots and AI are here to stay. Whether they’ll have a net positive or negative impact on the workplace is up for discussion, but it may well hinge on how many so-called ‘higher value’ roles there are for humans to move into once they’ve been displaced by silicon.
As explained in my latest for IDG Connect here, Beijing has, via tightening regulations, antitrust investigations and even more restrictive censorship rules, been making the Middle Kingdom an increasingly hostile place for foreign – especially US – tech companies. It was never easy – foreign firms have always had to team up with a local partner to have a crack at the huge domestic market, with all the risks that entails. But now it’s even more difficult.
So enter India – a nation of over one billion and with the world’s fastest-growing economy. US firms have had a much better time there historically. Foreign direct investment is very much OK, and even in those few industries which are less welcoming – retail, media, telecoms and banking, for example – successful partnerships with local players are possible.
The start-up cash pouring in from Silicon Valley and elsewhere is staggering – dwarfing that in China already, according to Forrester research director, Ashutosh Sharma. In the last quarter this reached $6bn from private equity alone, he told me. What’s more India can boast:
- A suspicion of China matched only by the US
- A nominally democratic political system based on rule of law, making its regulatory environment more predictable, if still overly bureaucratic
- A young, tech savvy, increasingly well educated, and affluent population
On the minus side, however, it has dreadful mobile connectivity and poor broadband penetration.
“The size of the country in terms of populations makes it difficult for any government to strike a right balance between pursuing growth through investments versus leaning towards more socialistic policies,” Sharma told me.
“This dithering on policy initiatives since India liberalised its markets in early ’90s have cost them time which has manifested in poor physical and virtual infrastructures.”
A large, “digitally dark” population which doesn’t speak English makes it hard to justify investments in digital media, he said.
“However all indications are that this is temporary because at the pace innovation is happening both in terms of affordability of mobile devices, data connection, and local language solutions it won’t be long before a major part of India is digital,” Sharma added.
As mentioned, the regulatory framework is still over complex and bureaucratic, although this too is apparently changing.
“The pace of simplification and speed of execution has improved since the new government has come in place,” he said.
It will take years before India even comes close to the $600bn in bilateral trade the US and China enjoy. But that trade is massively unbalanced, comprising mainly of Chinese imports to the US. This is not the case with US-India relations.
The winds of change are blowing, and they’re blowing to the sub-continent.
So there it is. Apple’s much publicised Beijing iPhone launch event ended. With no news.
It appears that the fruit-themed company, while claiming that China will be its biggest market soon, does not believe it’s THAT important. At least yet. All the poor hacks were offered was a video of last night’s US launch. Ouch.
More importantly for Cupertino, the prices it has stuck on its new 5C and 5S devices will mean only the most hardy fanboys and girls will want to buy them. The iPhone 5C is definitely not budget, so it will fail to appeal to the mass low-end market currently consuming smartphones in China and India like there’s no tomorrow.
A 5C will retail for between 4,488 and 5,288 yuan ($733-864, £466-549). Compare this with the price for the high-end 5S in the US ($649-849) and you can see why some commentators reckon it will fail in the PRC.
It’s certainly not enough to beat Xiaomi’s impressively spec’d Mi-3 at 1,999 yuan ($326).
Forrester analyst Bryan Wang told me that it needs to come down to 2,999-3,499 yuan in order to “eat up the market share” of the likes of Huawei, Lenovo and Meizu, but that at present prices, the local Android players will be “really relieved”.
However, Apple is likely to have left itself some breathing room. It’s plan? Test the market out with these inflated prices and then “lower the price after a couple of months”.
Apple’s other hope of gaining much needed market share in China come from a possible tie up with the world’s largest operator, China Mobile, which has over 700 million subscribers.
No announcement was made at the Beijing press “conference” today but Wang believes it will come, when the carrier has a 4G network to announce. The reason? The 5C and 5S both support TD-LTE, a standard China Mobile helped to build.
I don’t often cover India’s outsourcing market but an interesting piece of news emerged this week when local media reported that the EU has found some notable gaps in the country’s data protection legislation which could scupper a major trade agreement between the two.
Basically the two have been trying to thrash out the Broad-based Trade and Investment Agreement since 2006.
The idea is that India opens up more of its vast market for EU firms and vice versa, but with one of India’s biggest industries in Business Process Outsourcing, a key demand from that side was that the country be recognised as a “data secure destination” by Europe.
According to the Data Security Council of India (DSCI), this single accreditation could propel outsourcing revenues from European customers from $20bn to $50bn in no time at all.
Sadly for India, the EU Justice Department decided to launch a consultation on India’s data security credentials and now the mutterings are it doesn’t like what it sees.
Any further delays which require legislative amendments could take years – not exactly what IT services giants like Infosys, Mahindra and Unisys want.
However, Forrester security analyst Manatosh Das told me all may not be quite as bad as it seems.
For starters, he said, India is taking information security a lot more seriously nowadays since recent high profile cyber attacks.
With the proposed electronic surveillance Central Monitoring System, the country is apparently planning for stringent privacy laws, while the DSCI, set up by Nasscom, has a strict remit to monitor data security and privacy in the IT and BPO industries, he said.
“I really don’t think in the current scenario outsourcing will take a back seat,” Das added.
“Private organisations in India follow international security frameworks like ISO 27001, PCI DSS, SOX, HIPAA. They have strong contractual agreements with their clients. Clients have the right to audit the vendors as per the agreement.”
However, he did admit that the IT Amendment Act 2008 lacks enforcement and needs amending again to “remove ambiguity” and create specific exceptions.
As a side note, I’m sure the recent “landmark” agreement between the UK and India on data security will also help reassure European customers considering offloading some services to Indian firms.
As always though, rigorous planning and due diligence and early involvement from the IT department should be a given to prevent any unexpected outsourcing problems down the line.
An interesting bit of research cropped up on one of the few English language sites covering Chinese news in this region, Taiwan’s WantChinaTimes, claiming the average lifespan of a Chinese electronics manufacturer is a shade over 13 years.
Now this sounded pretty low to me, not having anything to compare it to, but it struck as an interesting stat which serves to illuminate a lot of the pressures Chinese manufacturers are facing today, and where the country wants to be in a few decades time.
The research itself came from a Chinese manufacturer called Global Market Group, which interviewed over 1,000 firms in the economic zones of the Pearl River Delta and the Yangtze River Delta. It’s not a huge sample, given the sheer size of the industry in the PRC, but it’ll have to do.
The first thing to note is that 13.2 years is much longer than the average for survey respondents of 11.1 years – the report argues that this could be because electronics makers are forced to adapt quickly to changing tech to keep afloat.
More generally, though, 13.2 years doesn’t seem like a long time for a firm to be in business. But it does illustrate the rapid pace of change in the tech industry – where many fall by the way side in time because they simply can’t keep up with the latest trends.
It also shows, as Forrester analyst Dane Anderson told me, the intense pressure on Chinese manufacturers burdened with rising labour and energy costs and competition from other low cost suppliers in Asia.
US politicians and loathsome right wing media outlets often make out China to be the bad guy – taking American jobs by offering brand owners by far the lowest cost of production. However, increasingly it’s becoming a more complex picture than this.
“The perception in the West is often that the manufacturing industry in China is a bullet-proof juggernaut, but this view is inaccurate,” said Anderson. “It is a dynamic and highly competitive sector squeezed by thin margins and demanding customers.”
But as China looks to move up the stack, away from being a land of contract manufacturers mass producing at low prices in incredibly competitive market conditions, things might change, according to IDG’s senior research manager William Lee.
“The electronics industry is typically a high clockspeed industry, meaning the average product lifecycle time span is shorter than say automotive, aerospace, industrial equipment. So electronics manufacturing companies’ lifespan is typically shorter than other companies in other industry,” he told me.
“However when the manufacturing industries mature and many of these companies begin to evolve to brand owners, the average lifespan will increase.”
With China still some way behind Taiwan, South Korea and other countries, it will be a while before this happens, but it surely will, as this is the direction the Chinese government wants it to go in. It recently announced ambitious plans to create eight super-companies in the tech space each the size of Lenovo ($100bn in revenues per year), which would have globally recognised brands.
When that finally happens, and the sweat-shops move out to Vietnam, Indonesia and elsewhere, maybe the US will have to invent another bogeyman.