Building Bridges, Not Walls

In the podcast "Building Bridges, Not Walls: A Practical Guide to AI & Data Governance!", Ken Coyne of OpsTalent’s TechPeople podcast and Trace’s Founder Sorcha Lorimer discuss key principles of data governance in the context of AI's rapid development, and its impact on privacy and data security.

Sorcha Lorimer, founder of Trace Data & Privacy, outlines practical steps for organisations seeking to ensure that they are managing data responsibly – emphasising that sound data governance practices are a way to unlock business benefits, rather than being the ‘blocker’ many might fear they are. In so doing, she offers a raft of insights from Trace’s work in data governance support, especially for healthtechs, research innovators, and data sharing projects covering both the private and public sectors (see our Client Stories to learn more).

As the AI revolution brings data governance even more to the fore, here are ten key takeaways from the podcast:

1. Robust data governance is an enabler: while there are of course times when data should not be shared (corporate IP, for instance), you should think about robust governance as a means to good (read: compliant, responsible and above all ethical) data sharing practices and the generation of meaningful insights. Data governance unlocks opportunities to do so much more with your data.

2. Don’t neglect to get buy-in from across your organisation: data governance might not be the most appealing concept for all your colleagues; it might sound like it’s just the business of compliance or may come across as a blocker (see Point 1). You could use case studies or real-world examples to show how good data sharing underpinned by sound data governance makes lives better. The use of large datasets for healthcare research or developing smart cities more tailored to residents’ needs are good examples.

3. Get comfortable wrestling with grey areas: GDPR, the AI Act and all the other regulations and frameworks around data governance are replete with grey areas by necessity; technologies and use cases are constantly evolving, and these are complicated areas where deep thinking will be required. If you are really puzzling over some areas of data governance and consulting with a range of experts as you make decisions, you are doing what regulators want you to do!

4. Focus on creating meaning for the business: by the same token, invest the time to translate data governance principles and guidelines so that they are comprehensible to all colleagues, and make sense in the context of your particular mission. Make it known that data governance isn’t a legal issue alone, but the bedrock of any responsible business dealing with personal data today (and who isn’t!).

5. Make it real and tangible: workshopping compliance or ethical issues with a multi-disciplinary group is a great way to thrash out thorny data considerations and come to a shared understanding of how to sharpen up data governance organisation wide. You can then feed those findings back into practice and create compelling communications which the whole business can benefit from.

6. Take advantage of simplified regulatory guidance: regulators recognise that some of their rules frameworks and legislation can often be somewhat impenetrable to the layperson, which is likely one reason why the AI Act focuses on a risk-based approach and simplified categorisations to show you where you need to focus. You will also find that regulators offer a lot of guidance with worked examples for both data protection and data governance, so make use of these and document how you are following these suggestions. 

7. Take regulatory censure seriously, but don’t be paralysed by fear: enforcement actions have certainly occurred for the most egregious instances of non-compliance, but you certainly shouldn't feel like regulators are out to get businesses. That is not the spirit of the legislation at all. Rather, see the rules as a risk management tool for your benefit, and the authorities as resources. You may not know, but you can consult with them on things that you are worried about before proceeding with a planned activity.

8. Ensure compliance is built in, not bolted on: do not go too far the other way, however, and try to rush or ignore elements of compliance that might be inconvenient to your projects. The whole point of the regulations is to build from a sound foundation of good data governance and data protection. Approaching compliance as an afterthought can really slow you down (and might turn out to be an expensive mistake).

9. Think right across the data lifecycle, and get visual if that helps: data governance is at heart about answering what should be fairly simple questions thoroughly and with ease. What data do we have? Where did it come from and under what lawful bases do we obtain and use it? How do we make our use of AI transparent and responsible? How is data protected at every stage? What happens at the end of its use? If you can’t map the data journey with all its touchpoints then it is likely you need some data governance work.

10. Be sure to focus on business benefits: good data governance has real value for your organisation if approached in the right way, and this takes us back to securing buy-in for your data governance exercises. If you are confident of your compliance and have mastery of data management, you are sure to be operating in a more responsible and risk-managed manner than many of your peers. Innovate vigorously with AI, but make sure business value is maximised, rather than put at risk.

Listen to the full podcast and conversation with Ken and Sorcha on Spotify. 

This article was authored by Wendy Spires, CIPP/E. This article is should not be taken as legal advice. 

About Trace:

Trace help global companies navigate global data regulations and implement practical steps for a risk-based and pragmatic approach to data governance and global privacy compliance with the relevant laws and frameworks. Looking for support with data governance framework design, data sharing guidance and applied Privacy by Design for your company?  Book your free consultancy call now.