Introduction
To function successfully in society, individuals and companies need control over their own data. That is exactly what “Mind Your Own Business Information” offers.
The European General Data Protection Regulation (GDPR) gives individuals various rights to control their personal data. This is only possible if companies take management, security and compliance measures that demonstrably and effectively protect this data. Additional legislation has now come into force or is in the pipeline, in particular the European AI Act. This regulation regulates the use of artificial intelligence (AI) and will most likely enter into force in 2024. The application of AI can have a profound impact on personal privacy and freedom of entrepreneurship. The legislator recognizes this and we can say that the AI Act further strengthens the rights of individuals to protect their data and further expands the obligations for companies.
We must also consider this European and national legislation against the background of expanding a data-driven society and the further professionalization of internet crime.
Social views and morals are reflected in laws and rules. The GDPR calls on company management to account for its responsibility (the notion of accountability) for taking measures in business processes “by design”, resulting in “compliance by default”. In other words, company management is accountable for ensuring that personal data is protected effectively.[1] This legal requirement can only be met from a business perspective if management organizes its business activities in a data-centric manner. With the AI Act, the legislator goes one step further. The legislator expects company management to participate in an Information Ecosystem of trust, in which it makes agreements with its partners and individuals about the responsible use of company and personal data. MYOBI recognizes these expectations of the legislator. She has developed a trust network that aims to facilitate companies and individuals with Information Ecosystems and Personal Data Stores.
In this blog we discuss the MYOBI Trust Network, the Information Ecosystem and applications. In subsequent blogs we will discuss the further development of the trust network.
I. The MYOBI Trust Network
The MYOBI Trust Network has laid down its rules in a policy and uses a code of conduct, see also the working method. The code of conduct is provided for in the GDPR and the AI Act. The policy consists of the following parts:
- Agreement;
- Terms and Conditions;
- Personal and Business Data Agreement;
- Service Level Agreement (SLA);
- Accountability Seal Policy;
- MYOBI Code of Conduct; and
- Mediation regulations.
In the first half of 2024, professionals and lawyers from Duthler Associates and First Lawyers respectively will work on updating the code of conduct and the VIE association will submit the code to the Dutch Data Protection Authority (AP). Using the Accountability Seal, management indicates the level of compliance with the code of conduct.
The most important challenge for company management is to build and maintain awareness and train management and employees in the effective protection of company and personal data. Duthler Associates is continuing to develop additional training courses for the ‘social responsibility’ awareness and training program. Users of the Information Ecosystem always have access to their company-specific learning environment, based on Moodle Workplace.
II. The Information Ecosystem
On the trust network, MYOBI facilitates its business users with their own Information Ecosystem.
In recent months, MYOBI has expanded its reputation management in the Information Ecosystem with company and personal data from the authentic source of the Chamber of Commerce’s trade register. With the help of the Information Ecosystem, management exchanges data with the authentic source. This gives her control over her company data that she shares with partners in her own ecosystem.
The nature and size of the data set of the authentic source has proven to be extensive (company and personal data, building and maintaining the corporate family (holding and operating company structures), filings of XBRL taxonomy-driven financial and non-financial data, notifications from the status of the company, the authorization register and others. MYOBI unlocks the dataset step by step in the Information Ecosystem. The company data not only relates to its own data, but also to the data of all natural and non-natural entities and companies in the Netherlands.
Based on the experience that MYOBI gains in unlocking data from the Dutch authentic source, it will also unlock other authentic sources.
In the following blogs, MYOBI reports on the progress in developing reputation management.
Functionality
Business users can request MYOBI’s Functionality Board for additional or different functionalities. The Functionality Board then develops User Stories and plans the necessary system development and testing activities.
The following functionalities are planned for the first half of 2024:
- Code of Conduct: MYOBI, in collaboration with professionals and lawyers from Duthler Associates and First Lawyers, is expanding the code of conduct for the AI Act. The AI Act explicitly mentions the application of a code of conduct and an information ecosystem of trust. This code of conduct provides for mediation as a form of extrajudicial dispute resolution and an accountability mechanism.
- Reputation Management: For effective business, it is essential that companies effectively manage their reputation. The legislator encourages company management to do this. Business operations need reputation management to be successful and to keep liability and cost risks manageable. Step by step, MYOBI further facilitates reputation management.
- Integrating SBCM into MYOBI: Management effectively organizes business activities with business processes that include management, security and compliance measures, and where the processes are supported by IT resources. The SBC Management System maps the management organization for privacy management. It is obvious to include the SBC Management System in the Information Ecosystem as an App for reputation management.
- Integrating a company-specific learning environment, based on Moodle Workplace, into MYOBI: Developing and maintaining awareness and knowledge among management and employees about protecting company and personal data is a necessary but insufficient precondition for effectively organizing company activities . It is the basis for the reputation management awareness and training program. The professionals at Duthler Associates develop the programs and make them available to MYOBI users.
- Next: The MYOBI Functionality Board has drawn up a roadmap for 2024 and is adapting it to the wishes of users of the Information Ecosystem. After the release of supporting the reputation manager, the Board adjusts the roadmap with the User Stories and communicates it with the users.
Finally
MYOBI aims to optimally support the reputation management of companies with the help of an Information Ecosystem of trust. By reputation management we mean controlling and protecting company and personal data.
In this way, companies simultaneously organize – from their business operations – their demonstrable compliance with legal obligations, in particular the GDPR and AI Act. They organize their business activities with business processes that include management, security and compliance measures so that reputation management takes place effectively and demonstrably. If desired, well-trained advisors can provide support in this regard.
Interested?
Please feel free to contact us.
[1] The notion of accountability requires controllers to comply and to demonstrate compliance with the new rules, Giovanni Buttarelli, May 2016.
