Tech experts discuss third anniversary of GDPR
Faisal Abbasi, Liz O’Driscoll, Declan Dickens, Chris Huggett, Adam Mayer
Today marks the third anniversary of the application of GDPR in the UK. Complying with the EU data privacy regulation remains an ongoing challenge for organizations, as do increasing cybersecurity expectations and threats. This anniversary is the perfect opportunity to reflect on how the increased reliance of consumers and businesses on online services during the pandemic has made data integrity more important than ever.
Since its creation, European data protection authorities have issued around 700 coercive measures. The UK’s Data Protection Authority, the Information Commissioner’s Office (ICO), has just published the data covering July 1, 2020 to October 31, 2020, revealing that the ICO received 2,594 data breach notifications. This clearly proves that cybercriminals’ demand for consumer data shows little sign of slowing down.
In this article, tech industry experts explore the basic components of governance and data protection in today’s e-business landscape and offer guidance on how an organization should act in the event of a data breach.
Processing of sensitive data
Faisal Abbasi, MD EMEA at Amelia, explains how organizations should manage the process of handling sensitive data. “For organizations dealing with customers in finance, banking and insurance – and increasingly in healthcare as well – the challenges of data are only growing more complex, as more data is generated to define business needs and more and more people are now leading their professional and personal lives from personal devices. But failure to securely handle personal data can have costly and damaging implications in the event of a possible breach.
“This is why in many highly regulated industries, like banking and insurance, we are seeing an increase in the number of organizations deploying AI-powered digital employees to increase the ability of human employees to manage sensitive data. Trained to follow specific rules and processes, and quickly adaptable to comply with new regulations, digital employees can act as whispering agents to guide their human counterparts through processes that carry numerous privacy risks in order to reduce the risk of human error and prevent unauthorized sharing of data.”
Strengthen citizens’ confidence
Liz O’Driscoll, Head of Innovation at Civica, discusses the importance of maintaining citizens’ trust through data privacy. She says, “Whether it’s personal bank details or mRNA vaccine codes, personal data is extremely valuable, which makes privacy all the more important. By increasing innovation, we improve the protection of this data and use it as a force for good. This improves citizens’ confidence at a time when the pandemic has fueled the government’s reliance on data to deliver essential information and services to the general public.
“Data privacy is essential to maintain this trust and help citizens understand the benefits of sharing their data. When GDPR was introduced three years ago, it ensured that organizations put data privacy in mind, which helps build trust. By building citizens’ trust, people-centered services will become more important. These services can adapt and meet our preferences and provide earlier interventions for those who need them most.”
Put the work in
Declan Dickens, Senior Manager, Northern Europe at Checkmarx, says there is still a lot of work to be done when it comes to widespread action and accountability around data privacy. He said: “A new report noted that more than 661 fines have been imposed since the GDPR became enforceable, for a total of 292 million euros – a worrying number. It is important that lawmakers and organizations do not become complacent in this critical effort. Fragmentation and gray-area issues still exist with GDPR, which continue to create a variety of issues. GDPR, and data privacy protections more generally, should be a living and breathing initiative, constantly updated to reflect changes in end user needs, evolving regulatory requirements, etc.
“Organizations that develop particular applications need to ensure that they comply with the requirements of the GDPR. The related articles (25, 32, 33, 34 and 35) reaffirm the steps necessary to secure the data passing through the applications, in addition to what must be done in the event of a data breach. For those looking to stay compliant, we suggest they follow the “privacy/security by design” rule first – ensuring that data security and privacy is considered during the planning phase of any product or solution, as opposed to during development – to protect data from attackers by default. For existing operations, organizations should work to uncover weak spots in the way the data flow is processed and managed by performing gap analysis to find what is working and what needs to be worked on or removed.”
Manage the switch to remote work
Chris Huggett, Senior Vice President, EMEA & India at Sungard AS, says the move to remote work has posed new data privacy challenges. He says, “The huge growth in remote working during the pandemic has led to a dramatic increase in cloud spending to maintain the operational efficiency of organizations. While hybrid and public cloud solutions have been the natural choice in this case, companies should be aware that a distributed data storage model presents a challenge for one of the key facets of GDPR compliance: knowing exactly where the data is located. Therefore, companies looking to migrate data from on-premises data centers to public or hybrid cloud should be diligent to ensure that visibility is not sacrificed.
“This need for visibility into distributed cloud systems is driving the demand for so-called ‘sovereign’ cloud solutions, which offer the fundamental benefit of ensuring that all data is stored on servers located on UK soil. GDPR is now driving the adoption of sovereign managed cloud solutions, along with other factors such as cybersecurity and the uncertainty surrounding post-Brexit data transfers. Such solutions are essential to help bridge the growing gap between operational flexibility and regulatory compliance, and provide businesses with peace of mind when migrating to the cloud.”
The value of data
Adam Mayer, Senior Manager at Qlik, sums it up well when he talks about the value of data to modern businesses. He says, “Real-time data is one of the most valuable resources for modern businesses, enabling organizations to make the right decisions at the right time based on customer needs. However, this need for speed cannot come at the expense of the privacy of their customers. Businesses need a clear data governance strategy on how they collect, use and store data, especially personally identifiable information (PII), as well as ensuring that access is managed with care. Understanding data lineage, managing access through a data catalog, as well as providing data education so employees understand how to responsibly pull and use different data sources are all critical to ensuring that operating at the speed of the business will not help create new compliance issues.
“However, as the volume and speed at which we consume data increases, we need to look beyond traditional approaches to governance and think about how analytics itself can support compliance. Analytics programs can help IT teams visualize and manage who has access to what information and whether it remains relevant to their role. For example, this could be by pulling together disparate data sets on user access controls and the HR lists of outgoing, starters and changers to ensure that there are no anomalies where the people retain access to information that is no longer appropriate for their role.
“Analytics can also help to proactively manage data retention policies, so that personal data is not retained too long, that is, when it is no longer needed after processing. form, or kept without consent. Analytics platforms can assess when to dispose of personal data quickly and securely. This can ultimately help companies bring real intelligence into data privacy management to reduce the risk of human error and streamline processes for IT teams.”
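
The access review described above, reconciling access-control data against HR lists, can be sketched as follows. This is an added example, not part of the original article or any vendor's product; every record, field name, role and entitlement is constructed, and the role-to-entitlement policy is an assumption.

```python
from datetime import date

AS_OF = date(2021, 5, 25)  # constructed review date

# Constructed HR records keyed by employee id; "changed" is the leave/move date.
HR = {
    "e100": {"status": "active", "role": "claims", "changed": None},
    "e101": {"status": "leaver", "role": "finance", "changed": date(2021, 4, 30)},
    "e102": {"status": "mover", "role": "marketing", "changed": date(2021, 5, 1)},
}
# Constructed export from an access-control system: (employee id, entitlement).
GRANTS = [
    ("e100", "claims_db"),
    ("e101", "payroll_pii"),
    ("e102", "payroll_pii"),
    ("e102", "campaign_data"),
    ("e999", "claims_db"),
]
# Assumed policy: the entitlements each role may hold.
ROLE_ALLOWED = {
    "claims": {"claims_db"},
    "finance": {"payroll_pii"},
    "marketing": {"campaign_data"},
}

def find_access_anomalies(hr, grants, role_allowed, as_of):
    """Return (employee, entitlement, reason, days_stale) tuples for review.

    days_stale counts days since the HR change; None when no change date exists.
    """
    findings = []
    for emp, ent in grants:
        rec = hr.get(emp)
        if rec is None:
            # Account exists in the access system but not in HR data.
            findings.append((emp, ent, "no_hr_record", None))
            continue
        changed = rec["changed"]
        days = (as_of - changed).days if changed else None
        if rec["status"] == "leaver":
            findings.append((emp, ent, "leaver_retains_access", days))
        elif ent not in role_allowed.get(rec["role"], set()):
            # Covers movers who kept old access and grants outside the role.
            findings.append((emp, ent, "not_in_current_role", days))
    return sorted(findings, key=lambda f: f[:2])

if __name__ == "__main__":
    for finding in find_access_anomalies(HR, GRANTS, ROLE_ALLOWED, AS_OF):
        print(*finding, sep="\t")
```
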