Is data science education taking compliance seriously?


Employers sometimes complain that new graduates are not ‘job ready’. Often this complaint is about soft skills, such as the ability to work in a team. Sometimes, however, it is about specific technical skills or knowledge required in the role. An example might be particular data science techniques, or perhaps knowledge of current and forthcoming regulation in the field.

This begs the question of where the boundaries in responsibilities lie, between universities and employers. How much, in other words, can employers expect schools and universities to have done to ready their students for the world of work, and particularly to discuss the legal framework within which they are likely to have to work? This is a very difficult question to answer, particularly for institutions that draw students from around the world. Is discussing a regulatory framework appropriate in an international context? The answer, in my view, is both yes and no.

Supranational regulations

This discussion is particularly pertinent at the moment, because the EU’s new General Data Protection Regulation (GDPR) is coming into force in May 2018. This regulation covers personal data about any European citizen, and applies wherever the company processing the data is based. In other words, this regulation will apply to any company, anywhere in the world, if it holds personal data about a European citizen (and for the purposes of the regulation, the British government has confirmed that this includes British people, Brexit notwithstanding).

Should European academic institutions be teaching their data science students about GDPR? I think the answer is probably yes. But there is more to the question than classroom teaching. A growing number of courses and also overarching programmes such as the Qualitative Techniques for Economics and Management Masters Network now promise internships and industry projects. A new SAS-supported Masters program in Data Science for Business at the University of Stirling includes at least one consulting assignment with an external organisation.

Should European academic institutions be teaching their data science students about GDPR? #sasacademic #DataManagement Click To Tweet

These students will therefore be working with and for organisations that are bound by GDPR. A lack of understanding on the part of these students could be a real problem for those organisations. Should companies taking on student interns be entitled to expect that the university will have solved the problem for them, or should they take responsibility for their own data and train the students?

Finding a happy medium

I think the answer is a compromise. Universities cannot reasonably be expected to teach students about every last nuance of the legal or regulatory framework, even in their own country, never mind internationally. Quite apart from anything else, knowledge rapidly becomes out of date. What universities can — and should — do is equip students with an understanding that regulations exist, and give them some tools and techniques to ensure that they ask the right questions of any future employer, whether for a student assignment, or a long-term job.

For example, many organisations already have guidelines in place, and not just for handling personal data. Asking about relevant guidelines should become an important part of starting any project. Students and graduates should always be asking whether there are any legal frameworks that they need to understand before embarking on any work.

Students also need to understand and be able to apply best practice, and this is where universities do have a role. For example, GDPR requires companies to be able to explain the basis of any important decisions made about customers, which is difficult with self-learning algorithms. This is not, however, an entirely new issue.

Algorithmic auditing — effectively testing the model to make sure that it performs as expected, and does not produce unjustified results — is already an important part of any model development process. Good auditing will enable GDPR compliance. Anonymisation and pseudonymisation are other techniques that should be routinely considered where knowing personal identities is not essential, simply as a matter of good practice. In other words, in many cases, best practice may actually cover the regulatory requirements.

Teaching best practice

Ensuring that students learn about best practice, and understand the importance of building it in to projects routinely will go a long way to addressing employers’ fears. It will also help students to avoid problems further down the line. In my view, it is entirely reasonable to expect universities to teach about best practice, and also how it may be applied to address regulatory issues. It is, however, also essential for employers to ensure that their staff, whether temporary or permanent, understand issues around regulation. Both sides have responsibilities here.


Learn more about careers in Analytics and how business and education come together to educate new talents in our December series exploring Data Science.


About Author

Rein Mertens

Heading up team of Business Analytics Pre-Sales and data scientists

Rein Mertens is a Senior Manager, and has been working at SAS since 1995. He advises customers and prospects on how Business Analytics can help solve complex business problems and uncover potential (Big) data opportunities. He directly manages a team of consultants and data scientists working on data management, data visualization & reporting and advanced analytics opportunities. Rein has been involved in various SAS user group events. He also takes part in some international working groups to contribute his ideas in prioritizing and improving SAS products.

Leave A Reply

Back to Top