The Effects of GDPR and Conversational AI
Today we announced enhancements to Teneo’s architecture that will enable enterprises to comply with the General Data Protection Regulation (GDPR) in accordance with their own policies and procedures. Data is at the heart of conversational AI, and is used to personalise the conversation, improve the system and deliver actionable insight to the business, so it’s essential that enterprises can reap the benefits while complying with regulation and legislation.
GDPR might be an EU law but the ramifications will be felt around the globe. Anyone processing an EU citizen’s personal data must comply, no matter where they are based or how small the company. For organisations the challenge is not just in storing the data, but also in retrieving the information for export or deleting in a timely manner. And the penalties of non-compliance are tough with a maximum fine of up to €20m or 4% of turnover.
It should be noted that personal data shouldn’t be confused with the more commonly used term in the US of personally identifiable information or PII. Although there is a growing trend in the US to widen the remit of PII as technology increasingly delivers persistent identifiers such as IP and MAC addresses, currently GDPR’s definition of personal data encompasses much more than PII.
Businesses would be right to assume that data protection legislation across the globe will continue to be extended to afford data subjects more rights and increased protection. As the true fallout of the Cambridge Analytics and Facebook debacle starts to be fully understood, it’s likely that law makers and privacy advocates will be taking a hard look at what needs to be tightened to protect people from global corporations and governments alike.
At the same time it shouldn’t be forgotten that in some countries such as Germany and Switzerland, their data protection laws are already more stringent than the GDPR requires. It’s also probable that the UK, when Brexit happens, will look to implement a tougher stance, based on how it currently deals with EU legislation.
It’s clear that as data becomes the driving force behind businesses that data protection regulation around the world is going to increase. At Artificial Solutions we already provide an open flexible architecture in Teneo that allows enterprises to meet their own exacting security conditions, across multiple geographies and legal requirements. This includes self-host their entire deployment of Teneo when required.
Our customers own the conversational data they generate which enables them to secure it according to their own policies and procedures. In addition, the knowledge Teneo gathers is stored in one place which streamlines the querying and interpreting of conversational data, and allows for the easy identification of any personal data in order to deal with it appropriately.
Now with these latest enhancements to Teneo, it is also possible to pseudonymize personal data to enable conversations still to be used for statistical analysis and data insight, even when the personal data has been removed in accordance with the company’s GDPR policy.
Data regulation maybe tightening, but deriving significant value and benefits from conversational AI is still achievable with Teneo, even when complying with the most stringent of data protection legislation.