What is data compliance? How to achieve data compliance?

Reading guide ： With the collection and use of personal information 、 Big data algorithms and artificial intelligence are more and more widely used , Data security has become important and urgent . The governance of data compliance is an indispensable part of the whole social governance in the digital era , What kind of data does enterprise data compliance control ？ What is the scope of data compliance work ？ This article reveals the secret for you .

author ： Meng Jie Xue Ying Zhulingfeng

source ： Shucang treasure house （ID：DataBaby_Family）

There are all kinds of data in the enterprise , Include ：

• Business data , Such as financial statements 、 Cash flow 、 The number of active people and the number of active people per day ;

• Data needed for enterprise decision-making , Such as industry statistics report ; Various data collected by the product , Including the user's registration information 、 Behavior information, etc ;

• The enterprise processes and develops data on the basis of various data collected , Such as user portrait 、 Recommended algorithm model 、 Product optimization direction, etc .

Data compliance governs data related to users , The specific boundary is not clear , And the terms are different , Some people call it user data , Some people call it personal information , Most people call it privacy .

What is the scope of data compliance work ？ From the essence of information technology , Personal information is one or more fields , Data . Such as “01010202,F,click,2021-04-21 9:26:00”, This row of data is based on the user-defined data structure , It means “ID yes 01010202, Gender is female , stay 2021 year 4 month 21 Japan 9 spot 26 There was a click behavior in the minute ”. Data has its own lifecycle , As shown in the figure below , Logically, it can be simply divided into data collection 、 Use 、 Storage 、 Disclosure to The destruction .

▲ chart 1 Data lifecycle

Use “ Data lifecycle ” Framework , On the one hand, it conforms to the basic law of data , On the other hand, it can help the data compliance personnel comprehensively sort out the enterprise's activities of processing personal information , And then assess and deal with the corresponding personal information protection risks in stages .

01 All aspects of data compliance

1. The management system

The legal provisions on personal information processing of enterprises are The enterprise provides corresponding information according to the risks of the activities handled 、 appropriate 、 Necessary organizational and technical measures . Organizational measures need to rely on the management system to operate , Pictured 2 Shown , In short, it includes the institutional and organizational guarantee of personal information protection 、 Training and assessment of relevant employees , And corresponding system guarantee （ Implement the compliance requirements into the specification documents at different levels within the company ）、 Safety incident emergency response and safety audit .

▲ chart 2 Schematic diagram of personal information protection management system

2. Technical measures

Appropriate and necessary measures in addition to organizational measures , Corresponding technical measures shall also be included . The technical measures for personal information protection cover a wide range , Both include encryption 、 desensitization And other safety technical measures , It also includes technical measures for product design to implement personal information protection requirements . Safety technical measures , Pictured 3 Shown , Including data identification 、 Personal information protection 、 Interface safety management 、 Data leakage prevention and operation audit .

Technical measures for product design to implement personal information protection requirements , According to the difference of each product type , The compliance control measures designed based on the risks brought by the product itself include differential privacy 、 Federal computing, etc . such as , Read the platform's suggestions to open friends , You can share your reading records and experiences with each other , This function is beyond expectation for some users who want to read privately , Therefore, the product compliance design should not be enabled by default .

▲ chart 3 Schematic diagram of technical measures for personal information protection

As mentioned above , Data compliance involves many aspects , Including policy research 、 Compliance assessment 、 Management system and technical measures , With a clear division of labor within the enterprise , These works shall be undertaken by their respective relevant departments .

02 Stakeholders in data compliance work

1. Stakeholders involved in functional development

Take software development as an example to illustrate stakeholders , Pictured 4 Shown , The stakeholders involved in data compliance are as follows .

▲ chart 4 Schematic diagram of stakeholders for personal information protection in software function development

2. Stakeholders in data development

In the age of big data , In addition to traditional software development , It involves more data utilization , Including data analysis 、 data mining 、 Deep learning 、 Algorithm recommendation 、 User portrait, etc . There are two types of stakeholders involved in data development .

1） Data scientist department , Including Algorithm Engineers 、 Data Engineer , Its main responsibility is to realize business requirements through data . for example , Build an algorithm model to match users and drivers in the online car Hailing service , Complete the most efficient distribution , Reduce user waiting time . Complete such requirements , A wide range of data, including personal information, needs to be analyzed , Including the centralized taxi location of users 、 Time and taxi habit , Build the corresponding algorithm model .

The data scientist Department has a stronger demand for data than the software development department , But because of deep learning and other reasons , It is difficult to explain the relationship between personal information and the achievement of goals . therefore , Data compliance personnel need to work closely with data scientists , While ensuring the protection of personal information, it also promotes the exertion of data value .

2） Big data platform Department , Its main responsibility is to build a big data platform , Including data storage architecture 、 Metadata 、 Infrastructure such as data analysis engine . The big data platform can meet the personal information protection requirements on the data platform side , Such as data discovery and data flow graph , Provide basic materials for the evaluation of personal information protection , At the same time, observe the compliance implementation effect .

3. Stakeholders of management system and technical measures

As mentioned earlier , We need to establish a management system and security technical measures to protect personal information . The information security management system and security attack and defense departments were very mature before the emergence of personal information protection , Usually called Information Security Department .

The data compliance work should fully cooperate with the information security department , Add personal information protection to the information security management system , Iteration is Personal information security management system , At the same time, continue to implement and consolidate safety technical measures , Including vulnerability management 、 Data leakage prevention, etc .

This article is excerpted from 《 Data compliance ： introduction 、 Actual combat and advanced 》, Issued under the authority of the publisher .（ Book number ：978-7-111-70536-9） Reprint please keep the source of the article .

Extended reading

Extended reading 《 Data compliance ： introduction 、 Actual combat and advanced 》

Recommended language ： A Practical Workbook for enterprise data compliance governance ！ The secret to the growth of data compliance professionals ！

Dry goods go straight to

• Explain big data in detail 、 The application of data storage and edge computing technology in the metauniverse

• Internet companies that use users as leeks , It's over
  

• The development of Cloud Computing 4 Stages , At last someone made it clear

• The three door problem of counter intuition ,80% All people are wrong ？

More exciting

Enter the following dialog box in the official account dialog box key word

See more quality content ！

read  |  book  |  dried food  |  Make it clear  |  God operation  |  handy

big data  |  Cloud computing  |  database  | Python |  Reptiles  |  visualization

AI |  Artificial intelligence  |  machine learning  |  Deep learning  | NLP

5G |  Zhongtai  |  User portrait  |  mathematics  |  Algorithm  |  Number twin

According to statistics ,99% The big coffee is concerned about the official account