It has been just over a year since the EU’s General Data Protection Regulation (GDPR) came into force, affecting not just European businesses but any organisation that provides people in the region with services or goods.
Since May 2018 (and even many months before that, in anticipation of the new rules), we have witnessed a major shift in attitudes towards data security and privacy. The biggest shift has undoubtedly been a new presumption of data privacy.
“GDPR has raised awareness within organisations as to how data is collected, managed and stored, and increased consumer consciousness regarding how personal data is used by businesses.”
Part of the idea behind the GDPR was to address a perceived imbalance of power between businesses and consumers around data use. So, one key success of the legislation to date has been that it has prompted organisations to think long and hard about what type of data they really need and where the real value lies – rather than collecting data indiscriminately and then assuming the cost and liability of processing and storing it.
Similarly, GDPR has nudged some businesses into re-assessing their IT infrastructure so that it is fit for purpose. Organisations are also looking for partners with robust privacy and security protection built into their services, demonstrating their commitment to the new rules.
“Yet, GDPR is not a solved problem, and many organisations are still working to achieve and maintain full compliance.”
To get there, they must establish continuous data handling practices or face penalties which can be very significant, as can any reputational damage resulting from a data incident. We have already seen Google receive the largest GDPR fine to date in France. Examples like this are a wake-up call for organisations. Many are now realising that the potential cost of non-compliance vastly outweighs the cost of achieving compliance, which should lead to higher levels of compliance across the board.
Although GDPR has been in force since May last year, it seems that there is still some confusion around who should have access to personal information and whether data covered by the GDPR can be used for anything other than its original intended purpose.
“To ensure that they are playing by the rules, we are seeing more and more businesses creating dedicated new roles focused on data security, with Data Protection Officers, Ethics Officers and Chief Ethics Officers, working closely with the business leadership to maintain compliance.”
As enterprises become more and more dependent on data to remain competitive – and even survive – in the global digital economy, they are placing more emphasis on keeping their data safe. But in tandem, the threat of increasingly sophisticated and ruthless cyber-attacks continues to grow. So, whether your business must comply with the GDPR or not, protecting sensitive data is crucial, and to do this, investing in robust IT security defences is absolutely key. Only then can businesses ensure compliance, while also limiting the risk of financial loss and reputational damage that a data breach can cause.