GDPR and cyber security
Since the entry into force of the GDPR, the European Data Protection Regulation, companies have been forced to strengthen their security systems aimed at protecting the personal data they hold. cyber security must therefore be at the heart of the major concerns of companies.
Consumers providing more and more personal data on different sites and applications, the latter represent both a source of value for companies and a potential prey for hackers. And for good reason, guaranteeing the protection of the personal data of their customers is increasingly difficult for companies. Indeed, the growing interactions between their services and the smartphones of individuals make their cyber security system more fragile, as does the professionalization of hackers. Hence the deployment of the GDPR, which we recall, aims to strengthen the right of European citizens vis-à-vis the use of their personal data.
How can AI protect data?
In order for a company to fulfill its obligations vis-à-vis the GDPR, the tools of governance and risk management play a particularly important role. Two types of measures must therefore be adopted. On the one hand, technical measures including the deployment of technologies to protect and arbitrate access to a company's computer systems; on the other hand, organizational measures involving control processes concerning third parties who come into contact with the company's data. These measures must also allow the control of the data entry methods as well as the way in which this data is used.
All these measures are intended to ensure maximum security of a company's data , so as to protect it from hacking, illegal dissemination or inappropriate use. Likewise, these technical and organizational measures aimed at protecting data will have to be regularly revised in order to be as close as possible to new consumer uses and remain compliant with the GDPR.
In this context, it seems obvious that man alone cannot face these challenges and that artificial intelligence can be an asset.
For several years now, artificial intelligence has been a technology that companies use regardless of their field of activity. Improved performance, competitiveness ... Companies had no choice but to enter the digital era thanks to the contributions of AI, the latter making it possible in particular to predict consumer needs and respond to them. anticipation. With regard to the protection of personal data, here too artificial intelligence is proving to be an indispensable aid for companies that have to deal with masses of information.
First, AI algorithms are able to quantitatively assess the risks incurred by data held on a network, and transcribe them in the form of a note. And this, whatever the type of equipment and threats. cyber security software supported by artificial intelligence can automatically detect potential vulnerabilities in a corporate network as well as malicious or unwanted programs.
AI is also able to detect, analyze and defend a system against even massive cyberattacks, thanks to precise and automated analyzes of malicious activities. Artificial intelligence is even able to detect malware trying to impersonate a human user. What allow companies to block in real time all forms of cyber attacks, even the most sophisticated.
In addition to securing data against external attacks, AI is also capable, on the IT network side, of fighting fraud during real-time transactions, for example.
Finally, artificial intelligence is also of great help in the processing in itself of the personal data of users. Indeed, in addition to the maximum security of this type of data, the GDPR requires companies to collect only the data necessary for their activities, as well as to establish a precise mapping of this data within the company. Personal data said to be sensitive must also be identified and processed as it should. Software adapted to the activity sector or business context of companies is based on AI algorithms in order to carry out these missions.
As we have seen, the contribution of artificial intelligence to the protection of personal data is now unavoidable and completely desirable, in a context of Big Data where malicious acts, ever more sophisticated, are increasing. However, can we fully trust AI for cyber security?
Can we fully trust AI for the processing of personal data?
There are still certain limits to the use of artificial intelligence in the protection of personal data. Ethical and moral limits on the one hand, but also cases where the protection of personal data proves to be an obstacle to AI.
Take for example the algorithms that use personal data to predict and analyze consumer behavior. In particular during a checkout, the camera will capture the customer's movements in order to identify whether all the items have been collected. In doing so, it will have to recognize the face of the consumer in its database. Although the information will not necessarily be preserved, it is still processed by artificial intelligence software, which is debatable from a moral point of view. Another ethical problem brought by AI to the service of personal data, in China, a system of scoring people(SCS: Social Credit System) is being deployed. Citizens will now be subject to a social rating, which depends on a positive or negative appreciation of their actions, however small they may be.
Finally, the regions of the world which are not subject to legislative texts governing the use of personal data will, in fact, have more advanced research and development potential than the territories where the regulations hamper the development of algorithms. The reason is very simple: the more numerous and varied the data, the more precise and adequate the results displayed by the AI software. A risk of technological dependence cannot therefore be excluded.