“LET’S STAY IN touch”. Your email inbox has probably been flooded recently with emails from companies asking you to opt in to their mail-outs.
This is a result of GDPR – the General Data Protection Regulation – the EU data protection law that has been creeping up on businesses since it was first passed by lawmakers in 2016. The regulation officially came into effect on Friday.
GDPR greatly increases the standards for collecting and protecting data on European residents, while it also ratchets up the penalties for companies that fail to abide by the rules.
But while many firms will be fretting over compliance, it has also created a lucrative niche for new businesses that will help others get their ducks in a row.
Truata is a trust established and funded by Mastercard and IBM that was quietly set up in Dublin to help firms analyse their data without falling foul of data protection authorities.
It will be assisting firms in finance, insurance, airlines and automotive to safely anonymise their data and extract useful insights in compliance with GDPR.
Truata has been set up as a trust to ensure independence from its beneficiaries and customers, and it will make money by charging clients for use of its data analytics functions.
The organisation is headed up by chief executive Felix Marx. The Austrian comes from a background in telecoms and payments and most recently led Mastercard’s services in the Asia-Pacific. Truata will first analyse data for Mastercard.
“A customer removes the name, address, whatever that personal identifier might be and then sends (the data) to us,” Marx said on how the process will work.
Before the information can be analysed, Truata strips away any remaining details in the data that could link it to anyone or anything. The data is put through a “differential privacy test” to prove it has no links left to an identifiable person.
“After it’s passed this differential test, it’s ready for analytics,” Marx said.
Truata will provide data analytics for companies in a range of areas such as customer behaviour to better understand how people interact with products or to predict future trends.
The trust has been established to ensure it can operate independently of its corporate backers.
“There is still the possibility (when data analysis) is under one roof that the whole process could be reversed and the data could be identified,” Marx said.
Truata consulted with data protection authorities around Europe to establish the best structure for the organisation and eventually settled on basing it in Ireland.
“First of all, the Irish law allows us to set up as a trust,” Marx said. “Many other countries don’t. Secondly, we wanted to be audited and governed by the best-resourced data privacy agency in Europe, and that is currently the Irish one.”
Ireland’s Data Protection Commissioner, Helen Dixon, is about to become Europe’s busiest data authority as she polices the European headquarters of Facebook, Twitter, Google and many others.
Nevertheless, the commissioner’s office has faced criticism for being under-funded and ill-equipped to take on an EU-wide data policing role.
In a Budget submission last year, the commissioner asked for more resources as international scrutiny focused on the Irish privacy watchdog.
However Marx said Ireland – and Dublin in particularly – had also been earmarked due to “the pool for highly talented people in the data analytics and data science and engineering side”.
“Most people actually assume that we have chosen Ireland for tax purposes but that was never a (reason) for us,” he said.
The organisation is employing around 12 people so far in its offices in Georges Quay in the areas of data analytics, data science and engineering. It plans to be at around 100 people by the end of the year.
IBM and Mastercard are providing Truata with the systems it needs to carry out the analytics.
Earlier this week it partnered with US-based artificial intelligence and internet of things software platform C3 IoT, which is used for building applications. But Truata plans to develop its own tools and IP, Marx said.
It has enlisted local help from technologists and lawyers in setting up the trust, including Barry Smyth, the digital chair of computer science at University College Dublin and Aoife Sexton, the principal at specialist law firm Tech Law Services.
“We are aiming for hundreds (of customers) in two and a half years,” Marx said.
“Because GDPR is going horizontally across all industries, we see the demand coming from all industries.”