Privacy needs to be built into IT systems as a core principle when dealing with personal data, in order to ensure compliance with the upcoming EU General Data Protection Regulation (GDPR).
The GDPR, which will come into force in the UK in May 2018, sets strict rules around how firms must treat personal data, and brings with it large potential fines for firms which breach legislation.
Richard Giles, CTO at Ladbrokes Coral, explained that privacy has been built-in to his new systems to ensure compliance.
"We're making sure our frameworks have privacy built-in as part of the core principles in the new systems we're building after the merger [betting firms Ladbrokes and Coral merged towards the end of 2016]," said Giles. "We're trying to move onto new modern platforms, often in the cloud, and these new systems need to be compliant from the ground up. They need to include a common customer record, so that we know customer data is concentrated in one place," he added.
Giles said that in his industry there are also obligations around fraud prevention, which include maintaining records of everyone who has transacted with his business. Those rules conflict with the right to be forgotten brought in by the GDPR, under which individuals can demand to have their data wiped from certain firms' databases.
"We have obligations around fraud protection, some of that involves keeping records, so we can't forget you completely as then we can't prove if you committed fraud. I can't begin to explain how we intend to do that! We need to segment data and work out what you have a right to be forgotten and what you don't," he explained.
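The segmentation Giles describes, splitting a customer record into what an erasure request must remove and what a fraud-prevention obligation requires keeping, can be made mechanical rather than ad hoc. The following is an added illustration, not code from Ladbrokes Coral or from the article: the field names, the retention policy, the sample record and the key are all constructed assumptions, and which fields really fall under a retention obligation is a decision for legal review, not for the code. The one design point it shows is that a direct identifier such as an email address can be replaced by a keyed hash, so a returning customer can still be matched against retained fraud records without the firm continuing to hold the address itself, and that a field with no classification is rejected rather than silently kept.

```python
"""Segment a customer record on an erasure request.

Constructed example: field names, policy and record are assumptions for
illustration only. Real retention categories come from legal review.
"""
import hashlib
import hmac
from copy import deepcopy

# Hypothetical retention policy. "retain" fields survive erasure because a
# fraud-prevention obligation needs them; "erase" fields are removed; "tokenise"
# fields are additionally kept as a keyed hash so later fraud matching still works.
RETENTION_POLICY = {
    "retain": {"account_id", "transactions", "fraud_flags"},
    "erase": {"name", "email", "phone", "address", "marketing_prefs"},
    "tokenise": {"email"},
}

# Constructed sample record and a demo-only key (never hard-code a real key).
CUSTOMER = {
    "account_id": "acct-0001",
    "name": "Example Customer",
    "email": "Customer@Example.org",
    "phone": "+44 0000 000000",
    "address": "1 Example Street",
    "marketing_prefs": {"email": True},
    "transactions": [{"id": "t1", "amount": 50.0}, {"id": "t2", "amount": -20.0}],
    "fraud_flags": [],
}
KEY = b"constructed-demo-key-not-for-production"


def identity_token(value: str, key: bytes) -> str:
    """Keyed hash of a direct identifier. Without the key the token cannot be
    reversed or brute-forced from a list of candidate addresses, which is why a
    plain SHA-256 of the email would not be good enough here."""
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def apply_erasure(record: dict, policy: dict, key: bytes) -> tuple[dict, list]:
    """Return (retained_record, erased_field_names) for an erasure request.

    Raises ValueError for any field the policy does not classify: an
    unclassified field is exactly the gap the policy has not yet covered,
    so guessing would silently keep or destroy data."""
    retained = {}
    erased = []
    for name, value in record.items():
        if name in policy["tokenise"]:
            retained[f"{name}_token"] = identity_token(value, key)
        if name in policy["retain"]:
            retained[name] = deepcopy(value)
        elif name in policy["erase"]:
            erased.append(name)
        else:
            raise ValueError(f"field {name!r} has no retention classification")
    retained["erasure_applied"] = True
    return retained, sorted(erased)


def matches_retained(email: str, retained: dict, key: bytes) -> bool:
    """Check whether a newly presented email matches an erased customer's
    retained fraud record, using constant-time comparison of the tokens."""
    token = retained.get("email_token")
    if token is None:
        return False
    return hmac.compare_digest(token, identity_token(email, key))


if __name__ == "__main__":
    kept, gone = apply_erasure(CUSTOMER, RETENTION_POLICY, KEY)
    print("erased:", gone)
    print("retained keys:", sorted(kept))
    print("returning customer matches fraud record:",
          matches_retained("customer@example.org", kept, KEY))
```

In practice the same classification has to be applied to every copy of the record, including the backups Giles mentions next, or the erasure is only partial.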
Giles also pointed to backups as another area which needs to be considered, as all regulated data will also reside there.
"We need to understand what data we have, and what backups we have, as we have a large legacy in that area. It's an offence to keep customer data in emails, but what about the employees' right to be forgotten, what does that actually mean? That's another untapped problem," he said.
Giles was speaking at an IT Leaders Forum event from V3's sister title Computing. At the same event, Robert Bond, partner at law firm Bristows LLP, also discussed for how long organisations should keep emails before destroying them.