Data protection: The role of AI, analytics and the new CDO

As data protection takes center stage in the enterprise, companies will require a chief data protection officer (CDpO) instead of a chief digital officer (CDO).

Mukesh Mehta Apr 05th 2019

In this rapidly changing world of technology, it's time for CIOs to make data privacy their utmost priority. Approaches to data privacy can be broadly classified into two: attribute-based access control and machine learning for user behavioural access.

The role of AI in data protection

The importance of strengthening defence mechanisms in the enterprise is a no-brainer. Without proper defence mechanisms, data protection is bound to get more problematic. CIOs should now come up with new and effective detect-and-respond mechanisms using artificial intelligence (AI) and automation.

AI can help businesses identify, understand and analyse trends based on historical data. These trends can be analysed for services offered, customers served and employee behaviour. The results are then used to plan the data protection strategy effectively.

Irrespective of the organization's size, managing data protection controls and the volumes of logs and alerts they churn out can be a herculean task. Also, each organization has its own rules and policies, which need constant fine-tuning. This is where automation and AI can actually bridge the gap.

Data protection management summary:

1) End user awareness
2) Implementing a DLP tool and performing periodic data classification reviews
3) Enforcement of data owner accountability

Strategizing data controls

Data classification plays an important role in securing IT systems. It helps in the analysis of organizational risks and thus helps in building an effective security infrastructure. Organizations must also ensure periodic review of their overall data strategy, which includes collecting, processing, archiving, backing up and deleting data.

Building business models with data will be the tenet for achieving business agility. Implementing threat intelligence on data environments will help in preventing data thefts.

A strong data privacy policy is incomplete without employee awareness. CIOs should ensure that employees understand the need to protect data owned by them. Additionally, organizations should implement adequate data protection controls, which can then be monitored through GRC tools, management reviews and KPIs, and also tested on a regular basis.

Data is the true business enabler; hence it should be understood and managed well. The key is to get proper control of data that comes into, moves through and leaves the business. Here are a few pointers to keep in mind for effective data control:

1) Best practices: The W's of data. This means awareness of what data is to be backed up (inventory), when to back up (frequency), where to back up (offsite), and what encryption tools to have.
2) Life cycle management: Awareness of what data is collected, where it's stored, whom it is shared with, how long to store it and when to destroy it. Data minimization, dynamic data discovery, classification and IRM solutions are important and effective techniques for this.
3) Impact on IT: Being aware of how the IT leader's role changes as more and more data protection systems and laws come in. CIOs need to play the maker-checker card carefully. Ensuring gaps are mitigated as per the risk assessment audit should be the first priority.

Data protection vs. business agility:

Data protection is definitely the most important aspect for enterprise IT. However, it should not come at the cost of business agility. CIOs and CISOs should ensure the implementation of controls is based solely on business needs and not on market trends.


For the past 2-3 years, the chief digital officer (CDO) has been a talking point as an emerging role in enterprises. However, I strongly feel organizations will not need a CDO, but will require another kind of CDO or CDPO - chief data protection officer. The future will see DPOs who could be hierarchically closer to the top management, since they report to the supervisory authority under GDPR or DPA under PDPA 2018. This will definitely affect the role of the CIO and CISO. Earlier, chief digital officers were more aligned to the business head, but this new CDO will be accountable to the board and management.

Mukesh Mehta is the chief technology officer at Batlivala & Karani Securities India.

Disclaimer: This article is published as part of the IDG Contributor Network. The thoughts expressed in this article are solely those of the contributing author and not of IDG Media, its editor(s). The author is not representing affiliation with his current or past organizations for the views expressed in this article.