2017 has heralded an intensification of speculation and opinion regarding GDPR, and Google searches in this area have been steadily rising over the past few months. This is hardly surprising given that the stakes are high for businesses facing huge fines, come May 2018, if they either fail to report a data breach of personally identifiable data within 72 hours, or are unable to demonstrate that their systems and operations of data governance are sufficient to the risk that data poses. What is more surprising, perhaps, is the emphasis upon the difficulties posed to businesses that now have to put their houses in order, rather than upon the timely intervention of this new regulation, which replaces the outdated Data Protection Act, on behalf of consumers whose personal information is now gathered and held as a matter of course by organisations with whom they have dealings via the internet.
At times, we at Layer 8 have felt slightly out of kilter in that we see much to celebrate in GDPR. Yes, we recognise that for small, medium and especially large businesses it’s a BIG JOB, but it’s one that’s important, has benefits for us as consumers and presents businesses with opportunities for development. Rather than fearing it, we find the opportunities it presents to us and our clients refreshing. We can think of many reasons to welcome the regulation, but here are our top 5:
- GDPR is about safeguarding our data.
How many times have we handed over our sensitive and personal information to businesses and organisations? We’re all customers as well as protectors of information. Never have we had to trust so many strangers – and never have we been trusted by so many strangers. We’re all in it together!
- GDPR raises the profile of security.
It’s a great way of promoting security in the organisation/business. At last the beleaguered CISO can be pretty sure of getting the ear of the board, and more than that, being taken seriously. Everyone needs to raise their level of awareness and everyone will have to take responsibility for their behaviours and processes. How long has that been a cherished dream?!
- GDPR means we have to collaborate.
It’s an opportunity to galvanise every department into a holistic approach to security and it requires cross-departmental collaboration. As data assets are passed between departments, everyone must work in concert to protect them.
- GDPR means we’ll become more secure.
It creates a focus and an impetus for good data governance processes. It’s an opportunity to take stock and review these and get our house in order. That’s good for everyone!
- GDPR is an opportunity to develop security culture.
It encourages the development of a strong, proactive security culture through conversations about our values and how we do things around here. People will have to talk about what matters to them and how their actions demonstrate that. New staff will need to learn secure processes and why we follow them.
Businesses are being required, by this regulation, to show that they respect and recognise the vulnerability of the humans behind the data they collect. Big fines are the stick to concentrate the minds of company CEOs, but beyond the terror there’s a challenge: to restore trust and integrity in the systems that manage the most valuable commodity we have as individuals, our personally identifiable information.
Layer 8 is currently working with organisations in their preparations for GDPR, with a focus upon the human factor.
Layer 8 is hosting a webinar on this subject: GDPR – A Hands-On Approach, on 25th January, 9.30-10.30am. If you would like to join us, you can register at https://layer8ltd.co.uk/webinar-preparing-gdpr-hands-approach/