Data: a matter of trust
In recent years, Denmark has sought to make its public services more efficient and responsive, in part by digitizing administrative tasks and processes. Therefore, Danes have handed over more of their personal data to public bodies.
New EU regulations governing data protection are coming into force in 2018, and public debate about the security of data is growing louder. Denmark’s digitalization agency decided to work with EY to test the current data capabilities of the country’s public sector organizations, identify the barriers they face and explore ways in which they can improve the handling of data in the future.
Cecile Christensen is Head of Office for System Administration and Security at the Danish Agency for Digitalization, a government organization under the auspices of the country’s finance ministry. For her, trust is vitally important: “In order to benefit from digital solutions, we need to make sure that people feel safe using them.”
The EU General Data Protection Regulation comes into force on 24 May 2018. Any organization that processes personally identifiable information on EU residents is compelled to comply with its terms. Cecile sees this as the continuation of the prevailing direction of travel, rather than a new turn. “It’s the same legislation, just with a twist. It’s more documentation, more security analysis, more risk analysis, some sharper deadlines and more requirements.”
The study undertaken with EY showed that most government agencies have the basics in order, but there’s also more work to do. One way to do more is to ensure that systems and solutions are designed from the outset with data protection in mind.
“In the public sector, we have a tradition of building large IT systems where we have gathered a lot of data, and we have a traditional way of thinking about privacy,” says Cecile. “We should look at new models for privacy, and new ways of segmenting the systems and using encryption models.”
Public sector organizations in Denmark are working hard to comply with the new regulations. But compliance must go hand-in-hand with efficiency.
“We will do it in a pragmatic way, so we can find the right balance,” says Cecile. “For a small municipality, or a small agency, does it make sense to have one dedicated person who should only focus on this area? Does each municipality and agency need a data protection officer? Can we split the roles? There are a lot of questions to be answered.”
Answers come in the form of sharing and working together across agencies, and conducting risk assessments to inform decision-making. Data security is now a universal issue. All citizens, and businesses, have important personal data that they share with public and private bodies.
Governments must make sure that they not only comply with regulations, but also use these regulations to help them think harder and more strategically about how they capture, store and use data.
Jonas Groes is a partner and Government and Public Sector Leader at Ernst & Young Denmark P/S.
For more information on digital issues please contact Rahul Rishi.
Click here to read the full article.