Translation: The right to be forgotten: five tips to prepare for new Big Data regulations
A 36大数据 exclusive, translated by Zero of the 36大数据 translation team. Reproduction requires the consent of this site and the translator; reproduction that does not credit the translator and the source is not permitted.
The "right to be forgotten" has had big companies such as Google and Microsoft rushing to delete outdated search information from the internet, as required by the European Court of Justice. But is UK business really ready for the coming wave of data reform?
High-level discussions on the new EU General Data Protection Regulation, which plans to harmonise data regulation across Europe and give citizens greater control over their personal data, began again this month. It is expected to be approved next year and to be fully in place by 2017.
"Right to be forgotten" may not be the final wording; it may be rephrased as a "right to erasure".
But when the new rules replace the 1998 European data protection standard currently relied on, the impact on any company that handles the data of European citizens will be considerable.
The biggest fear for all companies will be the huge fines for potential data breaches: 5% of annual turnover, or as much as 100 million euros.
The new rules bring both data processors and data controllers within the scope of regulation, so every company that handles data will be affected, whatever its size or business.
Other new provisions will include a requirement to obtain citizens' consent before collecting their data in the first place.
These are big challenges, but in the following five key areas companies can adopt basic principles of data collection, storage and destruction to prepare for every eventuality.
1. Spring-clean your data and understand its value
Start with an audit to distinguish how much of the data currently stored actually needs to be kept: is it a useful record, or junk and data noise? Destroying unnecessary information helps create a clearer picture for the future, especially if data needs to be searchable and editable under the new rules. For data that must be kept, make sure you know where it is stored, who uses it, how it is used and how to protect it. Another point to watch is that the new rules are expected to include a right to portability for citizens who want their data in a usable format, which is also a considerable challenge. However, the key to good data use is understanding its value in the first place. Treat data as an asset and you are off to a good start.
2. Know who is responsible and assign ownership
With the huge fines for offenders, up to 5% of total turnover, it is vital for those who hold ownership and responsibility to comply with the new rules. Work out who in your business is responsible for each type of data: the IT manager, the CIO, the records manager or an outsourced company.
3. Develop processes now to deal with data breaches
All companies in the EU will soon be required to set up a data breach system, including procedures for notifying those affected. The new rules are expected to set a strict deadline for reporting breaches to the data protection authority. Why wait? Clear and well-practised procedures should be put in place now, at the very least to identify who is responsible for reporting.
4. Understand whose data it is
In the future, companies will need citizens' consent before collecting their data, so prepare in advance. Any company that stores personal data should consider the legitimate grounds for retaining it and how to communicate this to customers.
5. Design-in privacy: change your culture
Start to create a company culture in which privacy is considered in every process and at every stage. It is very likely that the first person to touch data in your company is not a senior figure; data may arrive through the customer call centre, email, fax or post, for example. Designing-in privacy, and making staff at every level aware of its importance, is the key to developing good data use and protection.
The bottom line is that in an age when data is changing fast, whatever the final draft of the EU data protection regulation looks like, we are looking at a world in which citizens demand more control over, and more access to, their personal data. So although the new rules aim to simplify and harmonise data regulation, they also impose severe penalties on those who breach them by leaking data.
For businesses without the necessary processes or sound data policies, this may be a significant challenge. Equally, for businesses that fail to work out in time which data to keep and which to destroy, the road ahead may be rocky. But for those who rise to the challenge, see it as an opportunity and treat the true value of data as an information asset, it can still be a brave new data world, and now is the time to prepare.
About the author: John Culkin is Director of Information at Crown Records Management, a data management expert operating in nearly 60 countries. His role is to provide consultancy and information solutions for companies across all sectors, from NHS Trusts to financial services, law firms and other public sector organisations. A data protection expert, his well-regarded white paper 'Leaving the digital Stone Age behind' explored the implications of the EU General Data Protection Regulation expected to be passed next year.
English original:
Five tips to prepare for new Big Data regulations
The ‘right to be forgotten’ has made big headlines as Google and Microsoft rush to delete out-dated information in internet searches following a ruling by the European Court of Justice. But is UK business truly ready for the next wave of data reform which is approaching fast?
High-level discussions on the new EU General Data Protection Regulation – which plans to harmonise data regulation across Europe and give citizens greater control over their personal data – have begun again this month. And it is predicted to be approved next year and in place by 2017.
The expression ‘right to be forgotten’ may not be included in the final draft – it is likely to be re-phrased as a ‘right to erasure’. But nevertheless the impact on any business which handles the data of European citizens could be considerable when the Regulation, replacing the current UK Data Protection Act 1988, is adopted.
The big fear for all companies will be the huge potential fines for data breaches – up to 5% of annual turnover or 100m Euros if greater.
The regulation will also bring data processors – and not just data controllers – into the net. So every company handling data will be affected, whatever its size or business.
Other new rules will include a requirement to gain the ‘explicit consent’ of citizens before collecting their data in the first place.
These are big challenges. But below are five key areas in which companies can prepare for all eventualities by adopting basic principles of data collection, storage and destruction.
Spring-clean your data and understand its value – Start with an audit to distinguish how much data currently stored actually needs to be kept. Is it ‘records’ or in fact junk or data noise? Destroying unnecessary information can help create a clearer picture for the future, especially if data needs to be searchable and editable – which it will be under the new Regulation. For data that needs to be kept, make sure you know where it is stored, who uses it, how to access it and how to protect it. It is worth considering, too, that the new Regulation is expected to include a ‘right to portability’ for citizens who want to ask for their data in a useable format – another considerable challenge. The key to good data practice, however, is in understanding its value in the first place. Treat data like an asset and you make a good start.
Know who is responsible and assign ownership – With fines for non-compliance so high – up to 5% of global turnover for those who negligently breach the rules – it is vitally important that someone in the business takes ownership and responsibility for staying up to date with new regulations. Make it clear which role in your business has responsibility for each type of data – whether it is the IT Manager, CIO, Records Manager or an outsourced company.
Develop processes now to deal with data breaches – It will soon be compulsory for all companies in the EU to have a system in place for dealing with data breaches, including processes for notifying anyone affected. The Regulation is expected to set strict deadlines for reporting breaches both to the Data Protection Authority and to the subject affected. So why wait? Clear and well-practised procedures should be put in place now – not least to identify who is responsible for reporting.
Understand whose data it is – In the future, companies will require explicit consent from people to gather their personal data in the first place; so get those processes in place early. Any company that stores personal data should consider what the legitimate grounds for its retention are and how it will communicate this to customers.
Design-in privacy: change your culture – Start to create a company culture where privacy is considered in every process and at every level of the business. It is very likely that the first person to touch data in your company is not a senior figure – data may arrive through a customer call centre, in an email, fax or mail room for instance. Designing-in privacy – and making staff at every level aware of its importance – is the key to good data practice as data protection evolves.
The bottom line is the age of data is changing fast, no matter how the final draft of the EU Data Protection Regulation takes shape.
We are looking at a world in which citizens are demanding more and more control over their personal data – and more and more access. So although the new regulations aim to simplify and harmonise data regulation, they also come with severe penalties for those that negligently breach them.
It may be a significant challenge for businesses that do not have the necessary processes – or robust enough data policies – in place. Equally, for those that fail to identify early what data to keep and what to destroy, there could be problems ahead.
But for those who grasp the nettle and see it as an opportunity to truly value data as an information asset, it can still be a brave new data world. Now is the time to prepare.
About the author: John Culkin is Director of Information Management at Crown Records Management, a data management expert with a presence in nearly 60 countries. In his role, John provides consultancy and information solutions for companies across a wide variety of sectors, from NHS Trusts to financial services, law firms and other public sector organisations. An expert in data protection, his highly-regarded white paper ‘Leaving the digital Stone Age behind’ explored the implications of the forthcoming EU General Data Protection Regulation which is expected to be passed next year.
End.