Good luck with explaining it to anyone. The tech side of HOB is wailing, gnashing and currently pulling out hair over the issue !
Law firm Norton Rose Fulbright has introduced a chatbot powered by artificial intelligence that responds to inquiries on the imminent European Union (EU) data protection law the General Data Protection Regulation (GDPR).
The GDPR, which will come into effect on 25 May 2018, is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the EU.
The regulation was adopted in April 2016. Fines of up to EUR20 million or 4% of the firm’s turnover (whichever is greater) can be imposed for the most serious data protection offences.
The chatbot, named Parker, helps companies in non-EU jurisdictions (including SA) to determine whether GDPR applies to their business, says Norton Rose Fulbright.
The chatbot uses natural language processing has over 1 000 conversations. It will answer a wide variety of questions non-EU companies may have on GDPR, including whether the data protection law applies to their business and what activities the rules cover, it says.
Parker first helped businesses to respond to a major change in the Australian data protection notification regime that came into effect on 22 February, says Norton Rose Fulbright.
Kerri Crawford, senior associate for Norton Rose Fulbright’s Johannesburg office, created the GDPR chatbot in conjunction with the firm’s European data protection team.
“Following the successful launch of Parker to address clients’ questions on the new Australian data protection notification regime, we wanted to examine the scope of the new EU GDPR: a subject of huge concern to businesses worldwide and which will take effect imminently,” says Nick Abrahams, Norton Rose Fulbright global head of technology and innovation.
“For South African organisations, if the GDPR applies to you, consider how you can combine your GDPR and Protection of Personal Information Act compliance programmes, as many of the requirements are similar (although there are some differences). Combining your compliance programmes will save you time, effort and money,” says Crawford.
GDPR is set to become the standard benchmark for data protection, says law firm Michalsons. A company might not actually have presence in Europe, but if it processes any data of EU citizens, then it will have to take into account the GDPR. It might even be more important for that company than the Protection of Personal Information Act (POPIA).
