‘With great power comes great responsibility.’
API strategies may be worlds apart from the grand speeches and moral lessons of this well-known phrase. What APIs have in common with it, however, is the central concept: a duty of care.
Businesses have benefitted massively from advancements in API and integration technologies, which open doors to new opportunities and revenue sources. These tools and functions have improved data accessibility by bringing it out of the periphery of on-premises sites and into the mainstream.
Nevertheless, change does not come without risk, and when customer data is the topic, this is especially relevant. The question, then, is how can businesses benefit from APIs while safeguarding consumer data?
Navigating data in a post-GDPR world
To drive success in the business world, organisations need to deliver growth and make decisions based on large volumes of sensitive customer data. However, 2019 is set to be the worst year ever for data breaches, with the number of exposed records up by 54% in the first half of the year. What’s more, today’s consumers are increasingly savvy about their data. In this climate of cybercrime, organisations need to be certain that the way they handle and process customer data complies with contractual agreements.
That being said, while mass data breaches regularly dominate headlines, the biggest cause of worry is no longer hackers. Rather, organisations need to look beyond the papers and ensure that the way they actually process data matches the way their customers believe it is being used.
In the years since GDPR was implemented, almost €400 million of fines have been levied, so ensuring regulatory compliance once this information has been collated becomes paramount. For example, in January 2019, France's data protection regulator, the CNIL, fined Google £44 million for breaching the transparency and consent requirements in connection with the way it processed personal data for advertising personalisation. And then in September, Twitter reported that it too had processed personal data in a manner that may have been in breach of regulations.
In both cases, it seems reasonable to speculate that over-enthusiastic use of data by developers, exposed through APIs, may be the root cause. So how could this, and the subsequent reputational fallout, have been avoided?
According to ICO guidance, there are six lawful bases for processing personal data, and businesses must manage and deploy their APIs so that every data flow rests on one of them if they are to ensure compliance. This means having complete, end-to-end visibility and security for B2C, B2B and B2B2C transactions, spanning all data sources, whether they be applications, devices, on-premises systems or the cloud.
Failing to comply could cause severe financial and reputational damage. For example, in the event of a data breach, individuals may be personally liable for up to £500,000 per incident. In this context, how can organisations trust developers to simply ‘do the right thing’? And perhaps more importantly, can organisations ensure they have the necessary systems in place to control the way APIs expose sensitive data?
Luckily, integration and API platforms offer a solution, ensuring that the whole API lifecycle, from requirement to retirement, can be properly managed. This helps to minimise the likelihood that the power APIs provide is abused. From there, policy engines ensure that the usage scope of every API can be defined and enforced at the gateway rather than left to each developer, while reverse invoke technology removes the need to open inbound firewall ports, shrinking the externally reachable attack surface.
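To make the policy-engine idea concrete, here is a small, self-contained illustration of what "defining and enforcing the usage scope of an API" can mean in practice. It is an added example written for this article, not code from Software AG or any product it sells, and every name in it (the `ApiPolicy` shape, the client IDs, the customer record, the `consents` field) is an assumption made for the illustration. The engine binds each API consumer and declared purpose to one of the six lawful bases, returns only the fields that binding permits, refuses consent-based purposes the data subject has not consented to, and reports which fields it withheld so the decision can be logged for end-to-end visibility.

```python
"""Purpose-scoped filtering of API responses (illustrative, added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

# The six lawful bases in GDPR Article 6(1). Every policy must name exactly one.
LAWFUL_BASES = frozenset({
    "consent", "contract", "legal_obligation",
    "vital_interests", "public_task", "legitimate_interests",
})


@dataclass(frozen=True)
class ApiPolicy:
    """Usage scope for one API consumer acting for one declared purpose (hypothetical shape)."""
    client_id: str
    purpose: str
    lawful_basis: str
    allowed_fields: FrozenSet[str]


class PolicyViolation(Exception):
    """Raised when a request has no policy, or its lawful basis does not hold for this subject."""


class PolicyEngine:
    def __init__(self, policies: Iterable[ApiPolicy]):
        self._policies: Dict[Tuple[str, str], ApiPolicy] = {}
        for policy in policies:
            if policy.lawful_basis not in LAWFUL_BASES:
                raise ValueError(f"unknown lawful basis: {policy.lawful_basis!r}")
            self._policies[(policy.client_id, policy.purpose)] = policy

    def filter_record(self, client_id: str, purpose: str, record: dict) -> Tuple[dict, List[str]]:
        """Return (filtered_record, redacted_fields).

        Default-deny: a field reaches the caller only if the matching policy lists it.
        Consent-based policies additionally require the subject's recorded consent for
        the purpose, so a client cannot widen its scope just by asking for more.
        The redacted list is what an audit log would record for this decision.
        """
        policy = self._policies.get((client_id, purpose))
        if policy is None:
            raise PolicyViolation(f"no policy for client {client_id!r} and purpose {purpose!r}")
        if policy.lawful_basis == "consent":
            # 'consents' is an assumed per-subject map of purpose -> bool
            if not record.get("consents", {}).get(purpose, False):
                raise PolicyViolation(f"data subject has not consented to {purpose!r}")
        filtered = {k: v for k, v in record.items() if k in policy.allowed_fields}
        redacted = sorted(k for k in record if k not in policy.allowed_fields)
        return filtered, redacted

    def is_denied(self, client_id: str, purpose: str, record: dict) -> bool:
        """Convenience wrapper: True if the request would be refused outright."""
        try:
            self.filter_record(client_id, purpose, record)
        except PolicyViolation:
            return True
        return False


# Constructed sample policies: fulfilment rests on the contract with the customer,
# advertising personalisation is only lawful with the customer's consent.
POLICIES = [
    ApiPolicy("order-service", "fulfilment", "contract",
              frozenset({"customer_id", "name", "postal_address"})),
    ApiPolicy("ads-service", "personalisation", "consent",
              frozenset({"customer_id", "browsing_history"})),
]

# Constructed sample customer record; the subject has declined personalisation.
CUSTOMER = {
    "customer_id": "c-1001",
    "name": "A. Example",
    "postal_address": "1 Sample Street",
    "email": "a.example@example.invalid",
    "browsing_history": ["/shoes", "/sale"],
    "consents": {"personalisation": False},
}


if __name__ == "__main__":
    engine = PolicyEngine(POLICIES)
    shipped, withheld = engine.filter_record("order-service", "fulfilment", CUSTOMER)
    print("fulfilment sees:", sorted(shipped), "withheld:", withheld)
    print("ads without consent denied:", engine.is_denied("ads-service", "personalisation", CUSTOMER))
    consented = dict(CUSTOMER, consents={"personalisation": True})
    print("ads with consent sees:", sorted(engine.filter_record("ads-service", "personalisation", consented)[0]))
```

The point of the wrapper is where the decision lives: the developer calling the API never sees the email address or the browsing history for a fulfilment request, and cannot obtain personalisation data for a subject who has withheld consent, regardless of what their own code asks for. That is the distinction between trusting developers to do the right thing and having a system that makes the wrong thing unavailable.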
Integration and API platforms enable users to swiftly onboard partners and exchange documents with API-based standards. With Gartner stating that partner ecosystems are ever more critical, this proves invaluable as companies look to differentiate their offerings and compete effectively. In essence, coherent integration ensures that organisations can transact and share data with partners while platform technologies ensure they are created and managed effectively.
With access to this information, businesses can ensure the timely and accurate transaction of daily, crucial business documents while streamlining their supply chain, accelerating order-to-cash and increasing customer satisfaction.
APIs create new opportunities for businesses to meet their strategic goals. Nevertheless, with the keys to such a large pool of personal data, and the 2020 consumer more data-aware than ever, they need to be utilised responsibly. Trust is key, and transparency around how customer data is used must therefore be integral to business operations – the alternative has the potential for financial and reputational repercussions.
Integration and API technologies can be employed to avoid such risks, streamlining the onboarding of partners and ensuring transparency and control of APIs. This will enable businesses to manage their APIs while safeguarding adherence to contractual and regulatory obligations.
About the Author
Tim Holyoake, Principal Business Architect at Software AG. Software AG reimagines integration, sparks business transformation and enables fast innovation on the Internet of Things so you can pioneer differentiating business models. We give you the freedom to connect and integrate any technology from app to edge.
Featured image: ©DamienGeso