Business understanding
Home » AI » Step by step » Business understanding

“The initial business understanding phase focuses on understanding the project objectives from a business perspective, converting this knowledge into a data mining problem definition, and then developing a preliminary plan designed to achieve the objectives. In order to understand which data should later be analyzed, and how, it is vital for data mining practitioners to fully understand the business for which they are finding a solution. The business understanding phase involves several key steps, including determining business objectives, assessing the situation, determining the data mining goals, and producing the project plan.”[1]

This general objective involves four main tasks:

  1. Determine the business objectives:
    1. Uncover the primary business objective as well as the related questions the business would like to address.
    2. Determine the measure of success.
  2. Assess the situation:
    1. Identify the resources available to the project, both, material and personal.
    2. Identify what data is available to meet the primary business goal.
    3. List the assumptions made in the project.
    4. List the project risks, list potential solutions to those risks, create a glossary of business and data mining terms, and construct a cost-benefit analysis for the project.
  3. Determine the data mining goals:
    1. Decide what level of predictive accuracy is expected to consider the project successful.
  4. Produce a project plan:
    1. Describe the intended plan for achieving the data mining goals, including outlining specific steps and a proposed timeline, an assessment of potential risks, and an initial assessment of the tools and techniques needed to support the project.

These are the main actions that need to be addressed at this stage:

  1. Deciding about your business objectives
  2. Opting for the technical solution
  3. Implementing a training programme
  4. Designing legitimate data processing tools
  5. Adopting a risk-based thinking approach
  6. Preparing the documenting of processing
  7. Documenting of processing
  8. Checking regulatory framework
  9. Defining data storage policies
  10. Appointing a Data Protection Officer


1Shearer, C. (2000) ‘The CRISP-DM model: the new blueprint for data mining’, Journal of Data Warehousing 5(4): 13-23, p.14.Available at: (accessed 15 May 2020).

Checklist: business understanding

☐ The controllers have assessed the amount of data that will be needed to develop the AI solution or the nature of that data and ensured that they work well with the minimization principle.

☐ The controllers have fixed acceptable thresholds of false positives/negatives or ranges, depending on the use case and then have performed a utility balance.

☐ The controllers have adequately balanced the level of accuracy needed and the range of personal data required to reach it.

☐ The controllers have provided for the development of more understandable algorithms over less understandable ones whenever possible

☐ The controllers have ensured an optimal training for all subjects involved in the project or an adequate internal or external assessment on ethical and legal issues.

☐ The controllers have carefully designed the tools that will legitimate data processing. To this purpose, they have checked if the intervention of an ethics committee is needed or whether any kind of soft regulation is applicable.

☐ The controllers have adopted a risk-based approach (including technical and organizational security measures) that minimizes the risks to data subjects’ rights, interests, and freedoms.

☐ The controllers have implemented tools and policies aimed at assessing and evaluating the effectiveness of technical and organizational measures regularly.

☐ The controllers have considered whether the regulatory framework regarding scientific research applies

☐ The storage policies keep personal in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

☐ The controllers have considered the appointment of a DPO

Skip to content