
How Financial Institutions Can Use KNIME To Balance GDPR Regulations and Data Usage

September 23, 2021 — by Hayley Bertsch & Phil Winters

Customer data privacy is a complicated space. The difficulty lies in balancing the collection and safe storage of data against using it to better understand customers. And the stakes are incredibly high. Collecting, storing, or using a piece of customer data incorrectly can result in enormous fines that can put organizations out of business. On the other hand, not accessing the data means organizations miss out on essential customer intelligence. Lose access to that data and the business will also suffer.

For financial services institutions and banks the issue is amplified because of the huge amount of sensitive customer information they store. And as more finance and banking services move online, data privacy concerns only grow. Data Protection Officers are therefore tasked with finding a way to safely and easily manage customer data whilst complying with all guidelines, and let marketing teams use that data meaningfully.

Comply with Data Privacy without Compromising Valuable Insights

The solution is a standardized, transparent process that controls the access and transformation of data and delivery of insights in a way that is usable for others - such as a report, visualization, or model. In the GDPR regulations, this even has a name: automated individual decision making. 

Data analytics tools like KNIME make it easy for Data Protection Officers to create this process: they can set up once and use it over and over again. This becomes the template for standardizing data privacy across the organization and ensuring all guidelines are being adhered to. No reinventing the wheel every time. No risk of non-compliance.

Reusable Templates That Fit Into Existing Processes

KNIME lets users build a visual workflow, which can be configured to process customer data in a compliant way. The example below shows a workflow, which is freely available on KNIME Hub. Whilst it’s not yet a functioning workflow (i.e. there’s no data living inside it), it’s a useful framework for getting started. 

Each step of the workflow automatically self documents what is happening. This transparency is essential not only for others wanting to understand the process, but also for any checks by Data Compliance Officers or external auditors. The workflow, or parts of it, can be packaged up, locked, and shared, and becomes the standard template to ensure organization-wide data privacy compliance.

Fig. 1: A KNIME workflow, which can be used as a framework for becoming GDPR compliant. This workflow highlights how components can be inserted into an existing KNIME workflow to ensure GDPR compliance.

[Download this workflow from KNIME Hub]

Larger workflows, or even segments of workflows, can be packaged up, reused, and shared as components. These are really KNIME nodes that are created with a workflow, and they enable users to bundle, reuse, and share functionality. They can be configured to behave just like normal nodes with an icon, a dialogue, and interactive views.

The example below shows how a workflow to anonymize personal data is packaged into a component and inserted into an existing workflow for automated individual decision making. This guarantees that customer data flowing through the existing workflow is anonymized and therefore GDPR compliant.

Fig. 2: A KNIME workflow for anonymizing customer data is packaged up into a component and inserted into a second workflow.

Common GDPR Challenges Easily Handled with Components

There are four major data privacy challenges facing organizations. Components come in very useful here, because once created they form a template for handling data in a standardized way. They can be integrated into existing processes without completely overhauling an existing system or introducing new ones. Organizations can rest easy knowing they’re complying with GDPR guidelines and able to reap the benefits of anonymized customer data.

Access the workflows below, adjust them as needed, package them into a component, and insert them into your KNIME workflow:

Challenge 1: Identify and flag what personal data is available.
Workflow: Identify PII and Special Category Data
Component (in workflow example): Identify PII and Special Category Data

Challenge 2: Anonymize data so that an individual is no longer identifiable.
Workflow: Anonymize Personal Data
Component (in workflow example): Anonymize Personal Data

Challenge 3: Highlight the relationship of discriminatory fields to ensure they don’t bias modeling.
Workflow: Explain Model
Component (in workflow example): Explain Model that Uses Personal Data

Challenge 4: Document all aspects of data usage for external governance or compliance.
Workflow: Consolidate Workflow Documentation
Component (in workflow example): Create Documentation for Workflow Using Personal Data 

More details of each of these workflows can be found in the whitepaper Taking a Proactive Approach to GDPR with KNIME, written by Phil Winters, KNIME. 

No More Data Privacy Headaches

The risks of non-compliance in the customer data privacy space are huge and, in the worst case, can result in failed businesses. Using KNIME, Data Protection Officers can create reusable, self-documenting templates, which can be easily embedded into existing systems and processes. This will make complying with GDPR easier and significantly reduce the risk of non-compliance.
