As new technologies continue to emerge, data privacy is critical

When the world marked International Privacy Day last week, the message was simple – to remain relevant, data protection professionals must adapt as the operating environment evolves.

Technology has changed the way we live, work, and connect, presenting both opportunities and challenges for data protection and privacy. Our experience can either be simplified or complicated based on our interaction with it.

Potentially disruptive technologies continue to emerge, with the current focus in Kenya and globally being on artificial intelligence (AI), specifically generative AI and deep fakes, and their implications on various aspects, including privacy and intellectual property within the existing regulatory environment.

It is crucial to refer to the guiding principles that define exemplary data protection and enforce individual privacy rights when faced with change.

Firstly, Privacy by Design must be upheld in every innovative use of technology to process personally identifiable information. Laying a strong foundation is essential to ensure that the appropriate safeguards are in place to protect individuals’ data amid an evolving landscape enabled by technological innovation.

The tech revolution continues to challenge conventional data processing – cross-border businesses are being conducted on online platforms, and emerging technologies are coming up with new business interactions and models that privacy must align with.

AI, machine learning and the Internet of Things (IoT) have brought automation and predictive analytics into data processing. This can assist in identifying trends, solutions and customer journeys that enhance customer experience and engender greater trust in an organisation’s data processing and predictive capabilities if applied transparently and with the appropriate care.

Data Protection Impact Assessment (DPIA) is also key in ensuring that the risks are appropriately identified and mitigated. Administering this tool and critically considering all the questions raised can help an organisation proactively manage its privacy risks by embedding the appropriate controls into its new processes and products from the beginning.

Now more than ever, while conducting the DPIA, the risks around the cross-border transfer of data, data minimisation, purpose limitation, encryption, retention of data, and legal safeguards like terms and conditions and legal basis for processing, need to be considered and built into the solutions to embed privacy by design.

Secondly, in my experience with managing any changing risk landscape, creating a common understanding is important.

At Safaricom, we have adopted the Agile process of delivery whereby solutions are developed at a rapid pace with incremental sprints to deliver value to our customers quickly and innovatively as opposed to traditional waterfall project management. This process requires that we enable and embed appropriate knowledge and experience at the development or squad level. The only way this can be done effectively is to build a culture that speaks to the values and practices we wish to see upheld in our business.

Mr Mulila is the Chief Corporate Security Officer at Safaricom