Quality, reliability, data (III), and the impact of the GDPR …

Abstract

The General Data Protection Regulation (EU) 2016/679 (“GDPR”) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. […] Controllers of personal data must put in place appropriate technical and organisational measures to implement the data protection principles. Business processes that handle personal data must be designed and built with consideration of the principles and provide safeguards to protect data (for example, using pseudonymization or full anonymization where appropriate), and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit, informed consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or unless the data controller or processor has received an unambiguous and individualized affirmation of consent from the data subject. The data subject has the right to revoke this consent at any time. On first sight, this new law severely complicates the use of “open data.” While in my previous editorial on this subject I strongly advocated that in papers in this journal authors should give, wherever possible, contextual information that would enable future researchers to further develop prior work this new law does not make this easier. The law has rules on the collection, organization, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure, or destruction of personal data. And, if I look to the papers in our journal, as soon as there is an operator/user involved, data easily becomes personal. This risk of this is that authors restrict their datasets to the bare minimum. Already now we see papers that predict or optimize quality and reliability by presenting only a table of numbers (or re-using an earlier published version) without giving any contextual information. Although conceptually often interesting these papers have little added value for engineers and practitioners since especially the contextual information is often relevant for actual implementation in real engineering systems. In order to meet these conflicting demands, I see, also in my own organization, the emergence of a new profession: data stewards. My guess is that these data stewards will fulfill an increasingly important role in the future of quality and reliability engineering. It is, of course, of utmost importance that personal information is treated very carefully. It is also of utmost importance that papers are published including contextual data in order to be of value for those who wish to apply it or use it as a basis for future research. In my own organization, we are still busy finding out the exact role for these data stewards but already now they are already of great help finding the required middle-ground.