

GDPR - weathering the storm, one year on

One year after the infamous General Data Protection Regulation (GDPR) was implemented, how much has the regulation actually changed how businesses view data protection? It’s no secret that data is the lifeblood of an organisation, but with the threat of heavy fines, strict guidelines, and meticulous compliance regulations, the implementation of GDPR made businesses step up and think about their data more rigorously than before.

With this in mind, 13 IT experts have shared their thoughts and advice with ITProPortal on how companies can ensure they comply with GDPR now and in the years to come.

The C-Suite now has more responsibility for customer data protection

“Amid much fanfare GDPR came marching over the horizon with bundles of confusion, poor interpretation and the usual “silver bullets” from the technology world,” commented Steve Armstrong, Regional Director, UK, Ireland & South Africa at Bitglass. “Outside of many technology companies extolling “the” solution to make organisations GDPR compliant (which frankly is a pure figment of their marketing team’s imaginations) there have been some interesting consequences of GDPR.

“From a technology perspective, organisations are being far more diligent on contracting terms and getting a clear understanding how their data is being handled by their tech partners and ultimately what jurisdiction the data is being processed in.

“The C-suite has now much more responsibility for customer data protection. This likely caught many organisations off guard; but on the plus side it has broadened the conversation about data security from something the guys in the basement did, to a board level addressable issue.”

Organisations are still actively trying to comply

"With the one-year anniversary of GDPR approaching, the regulation has made an impact in data protection around the world this century,” said Alan Conboy, Office of the CTO at Scale Computing. “One year later with the high standards from GDPR, organisations are still actively working to manage and maintain data compliance, ensuring it’s made private and protected to comply with the regulation. With the fast pace of technology innovation, one way IT professionals have been meeting compliance is by designing solutions with data security in mind. Employing IT infrastructure that is stable and secure, with data simplicity and ease-of-use is vital for maintaining GDPR compliance now and in the future.”

GDPR is replacing VPN technology

“The introduction of the GDPR has impacted an unprecedented number of business processes, and security and risk teams are struggling to meet all these simultaneous demands,” believes Hubert Da Costa - SVP and GM, EMEA at Cybera. “On a more positive note, it has also brought an opportunity for companies to leverage new or additional technology solutions. Take the network edge as an example. This is one of the primary areas where personal data is at risk. In the past 12 months we’ve seen many organisations using GDPR as an opportunity to replace traditional VPN technology at the edge with SD-WAN technology. Due to its multiple data security capabilities, and levels of visibility and auditability, SD-WAN enables organisations to better meet GDPR guidelines. With Gartner predicting that before the end of 2021, more than one billion euros in sanctions for GDPR non-compliance will have been issued, we’ll continue to see security and risk teams under pressure to protect user data and privacy.”

Companies should not avoid punishment for poor data handling

“The key to every new regulation is the punishment and their ability to enforce it,” says Naaman Hart, Cloud Services Security Architect at Digital Guardian. “Ultimately without the plausible threat of punishment the regulations will fail to impact wide sweeping change.

“So far the ICO of the UK hasn’t fined anyone under the GDPR which is evidenced by the ongoing minuscule fines dished out to offenders. Facebook as an example was fined a measly £500,000 for the Cambridge Analytica scandal, the maximum under the old Data Protection Regulation which GDPR replaces. Were that case brought under the era of the GDPR then they could’ve been looking at substantially more and it might’ve served as a necessary warning to companies with similarly dim views of privacy.

“As we enter the second year of the GDPR we can but hope that cases and fines continue to paint a picture that companies cannot avoid punishment for poor data handling. If the risk outweighs the reward then we should see a societal shift towards better privacy which benefits everyone.”

GDPR is cutting teeth and shifting attitudes

“As the GDPR celebrates its first birthday, there are some parallels to be drawn between the regulation and that of a human reaching a similar milestone,” comments Samantha Humphries, senior product marketing manager at Exabeam. “It’s cut some teeth: to the tune of over €55 million – mainly at the expense of Google, who received the largest fine to date. It is still finding its feet: the European Data Protection Board are regularly posting, and requesting public feedback on, new guidance. It’s created a lot of noise: for EU data subjects, our web experience has arguably taken a turn for the worse with some sites blocking all access to EU IP addresses and many more opting to bombard us with multiple questions before we can get anywhere near their content (although at least the barrage of emails requesting us to re-subscribe has died down). And it has definitely kept its parents busy: in the first nine months, over 200,000 cases were logged with supervisory authorities, of which ~65,000 were related to data breaches.”

“As well as making businesses more accountable, GDPR has certainly had a hand in shifting attitudes towards data privacy, which is significant given that everything we do today centres around data,” adds Eltjo Hofstee, managing director at Leaseweb UK. “Considering GDPR’s impact specifically in a data centre context, from our perspective, customers as the data controllers carry the main responsibility of ensuring compliance, however owners and operators also have a role to play as the data processors.

“Being able to demonstrate that our systems and infrastructure meet the technical and organisational requirements to support GDPR compliance is good business practice, and meaningful to customers. We therefore ensure that in our agreements we are clear where critical data is located, from geographic location to devices, servers, and/or networks. Cementing this type of information at contract level also serves to clearly define the roles and levels of responsibility for GDPR between data centre operators and customers.”

Backup is key

“Since the implementation of the infamous GDPR last May – a date that’s likely engrained on every IT team’s mind for all eternity – meeting data protection regulations has never been so important,” says Steve Blow, Tech Evangelist at Zerto. “Yet despite the day coming and going without a bang, we still see many companies living in a compliance no man’s land – not fully confident in their compliance, but also aware of the regulation and the implications of rogue data.

“Although there have been significantly fewer fines than we all predicted, no business should become lax about compliance. My advice to those still in a grey area is to make sure their business is IT resilient by building an overall, comprehensive compliance program.

“A key component of this program should be backup. Backup that is continuously protecting data, making it easily searchable for long periods of time and ultimately, also, preventing lasting damage from any data breach you have to report. Peace of mind is a top priority for all IT teams and GDPR has definitely led to some sleepless nights, but with an IT resilience solution that has your back, you can rest easy.”

The right to be forgotten

"Over the past 12 months, GDPR has provided the perfect opportunity for organisations to reassess whether their IT infrastructure can safeguard critical data, or if it needs to be upgraded to meet the new regulations,” says Rod Harrison, CTO of Nexsan, a StorCentric Company. “Coupled with the increasing threat of cyber attacks, one of the main challenges businesses have to contend with is the right to be forgotten – and this is where most have been falling short.

“Any EU customers can request that companies delete all of the data that is held about them, permanently. The difficulty here lies in being able to comprehensively trace all of it, and this has given the storage industry an opportunity to expand its scope of influence within an IT infrastructure. Archive storage can not only support secure data storage in accordance with GDPR, but also enable businesses to accurately identify all of the data about a customer, allowing it to be quickly removed from all records. And when, not if, your business suffers a data breach, you can rest assured that customers who have asked you to delete data won’t suddenly discover that it has been compromised.”

“One year on from the implementation of GDPR, the bruising barrage of fines and thousands of ‘Right to be Forgotten’ requests have – broadly speaking – been avoided,” says Nigel Tozer, Solutions Marketing Director, EMEA at Commvault. “In the lead up to and over the past year, there has been a raft of new ‘solutions’ flooding the market, often claiming to be the silver bullet for GDPR.

“The fact of the matter remains however, that there is ‘no one size fits all’ solution that you can plug in and simply press ‘go’, to solve all the regulatory requirements. There are, however, solutions available that allow the more effective identification, indexing, sorting and management of data in ways that enable organisations to more easily meet ‘Right to be Forgotten’ requests or provide notifications and visibility around data breaches – all of which are key components of GDPR.

“As we approach the first anniversary of the inauguration of GDPR and review the present state of the regulatory landscapes, the key takeaway for us all should be this: regardless of shape or size, it remains of vital importance that organisations continue to take stock of how GDPR is evolving; reflect on how far they have come in their own compliance efforts over the last 12 months; and seriously consider how far they may still have to go.”

Look towards the ISO27001

"Before GDPR came to be law, most people were confused as to what it actually was, as well as what they needed to do to fully comply,” states Graham Marcroft, operations and compliance director at Hyve Managed Hosting. “Now we are a year on, and it would seem that - aside from the jargon and scaremongering - GDPR has acted as more of a proactive force, ensuring all businesses take a good long look at their data compliance and cyber security strategies.

“The introduction of GDPR a year ago has certainly shed more light on where some companies have been going wrong, and has also meant that customers look more critically when choosing where to store and process their data. When it comes to choosing an MSP, customers are now more likely to look for somewhere that abides by guidelines over and above what is expected by GDPR, such as independent accreditations like ISO27001.”

“The new regulations might not have changed the processes for data centres that already followed their own, and independently audited, stringent data regulations,” agrees Vicky Withey, Compliance Manager at Node4. “But, having these specific guidelines in place across the board has meant that both data owners and data processors are fully aligned when it comes to strategies that ensure data is properly secure. Since GDPR, we have seen an increase in the amount of customer audits, as data owners have begun to align their practices with the regulations that reliable data centres, like ourselves, will have already had in place.

“One year on from GDPR’s introduction, and we now see that efficient cyber defences have become a big differentiator for customers when choosing where to store and process their valuable data. While there is this increasing focus on cybersecurity measures, there has also been a growing number of customers choosing to use data centres that offer stringent and robust physical security measures onsite. On top of this, customers have started looking to data processors that hold certifications which have been independently assessed, such as ISO27001, because these provide the assurance that their data will be handled correctly, and in line with strict regulations.”

Create a ‘fit for purpose’ process

“As part of our consultancy work in helping clients make data-driven decisions, we also advise them in best practice around securing their personal data when their processes may not be fit for purpose,” believes Matt Aldridge, Co-founder and CEO at Mango Solutions. “By creating and supporting ‘fit for purpose’ processes, our clients can operate effectively and consistently without needing to ever worry about whether they are GDPR compliant. This means that, as we approach the first year anniversary of GDPR coming into force, none of our clients have had to worry about this at all and any data required for ‘know your customer’ projects is always anonymised in order to meet regulatory compliance.”

Other countries are taking note

"Last year, the California Consumer Privacy Act (CCPA) was signed into law, which aims to provide consumers with specific rights over their personal data held by companies,” states Wendy Foote, Senior Contracts Manager, WhiteHat Security. “These rights are very similar to those given to EU-based individuals by GDPR one year ago. The CCPA, set for Jan. 1, 2020, is the first of its kind in the U.S., and while good for consumers, affected companies will have to make a significant effort to implement the cybersecurity requirements. Plus, it will add yet another variance in the patchwork of divergent US data protection laws that companies already struggle to reconcile.

“If GDPR can be implemented to protect all of the EU, could the CCPA be indicative of the potential for a cohesive US federal privacy law? This idea has strong bipartisan congressional support, and several large companies have come out in favour of it. There are draft bills in circulation, and with a new class of representatives recently sworn into Congress and the CCPA effectively putting a deadline on the debate, there may finally be a national resolution to the US consumer data privacy problem. However, the likelihood of it passing in 2019 is slim.

“A single privacy framework must include flexibility and scalability to accommodate differences in size, complexity, and data needs of companies that will be subject to the law. It will take several months of negotiation to agree on the approach. But we are excited to see what the future brings for data privacy in our country and have GDPR to look to as a strong example.”
