100 days to GDPR - the industry speaks

May 25th 2018 could prove to be a crucial day for many businesses, as the new General Data Protection Regulation (GDPR) rules come into force. With the deadline for GDPR now exactly a hundred days away, how are businesses coping?

We asked some of the leading figures in the technology industry for their advice on how best to cope with GDPR - here’s what they said.

Joe Garber, global head of product marketing: information management & governance, Micro Focus

“As today marks exactly 100 days until the GDPR deadline, it is important to reflect on the changes the new rules and regulations will bring. When it comes to the GDPR, the risk of hefty fines and loss of credibility with customers are the bottom-line consequences of non-compliance for businesses. However, today we should be thinking about the benefits the GDPR will bring to privacy and security – something organisations will see if they approach the new regulations methodically and carefully, with the right technology processes in place."

“Thinking about the safety of the web more broadly, the explosion of the Internet of Things (IoT) devices in our homes and offices – and even on ourselves through smartwatches, medical sensors and more – poses a huge threat to privacy and security. The immense volumes of information gathered by these devices mean that even legitimate use could quickly pinpoint the identity of an individual using many different fragments of data."

"We have not previously had the experience as a society nor the legislative framework to decide what should constitute privacy, so the GDPR will be a catalyst for organisations to put measures in place to ensure the privacy of data, which they arguably should have been doing already. As a consumer, I am excited about what the GDPR can do for me as an individual, protecting my information in a time when many privacy issues are vague, threatening and of colossal scale.”

Bert Bouwmeester, director, business solutions, SQS

“Today marks the 100 day countdown to GDPR kick-off and businesses of all sizes should be putting steps in place to ensure compliance."

"Data Protection Assessments are designed to identify and address security weaknesses within an organisation. These involve a critical examination of your systems, working processes, and staff behaviours. These assessments can help businesses focus their efforts and achieve compliance in a targeted fashion. However, the GDPR will not be the “silver bullet” for cybersecurity. The fact that a business can be fully GDPR compliant, yet still liable to a data breach is something that all businesses need to be aware of.”

Carl Leonard, principal security analyst at Forcepoint

“The GDPR countdown provides a timely push for all of us to do more to protect the privacy of the people that matter most; it is the perfect opportunity to show them how much you care. After all, by protecting the people you secure the organisation."

"100 days does not sound like a lot of time, but it’s not too late – most organisations will be well on the way to putting in place the processes and security measures that the regulation requires. 100 days is the perfect opportunity to check your progress to see if you are on track as you put the last pieces of your strategy in place.”

Ross Jackson, vice president of customer transformation & innovation, Mimecast

“Breach notification is one of the bigger risks of the upcoming GDPR regulation. As it stands, businesses, in their Controller capacity, need to report the breach within 72 hours of becoming aware of it. But, if we consider a normal business supply chain, not every business has the necessary contacts to report it if it occurs. This is a huge problem."

“As such, achieving GDPR compliance is a substantial task. Automation arguably has a massive role to play here, but this will only take organisations so far. For many organisations, it is going to be a manual process. Businesses must ensure they have up to date contact information across their estate as a Controller and should prepare messaging to avoid wasting time in the event of a breach."

“Businesses should also be prepared to go through email and archived data. Email data represents one of the biggest challenges for compliance. Many organisations do not realise how much sensitive personal data is hidden within their employees’ email."

“To prepare for the GDPR, businesses must implement a cyber resilience strategy and update outdated email archives that hold personal and sensitive data. In addition, GDPR compliance needs to be a c-suite conversation and priority. Business leaders must be aware of the implications of the regulation and also the hidden surprises it may unearth.”

James Romer, EMEA chief security architect, SecureAuth

“With 100 days to go before the GDPR kicks in, what best practices can CISOs put in place to prepare? Securing the user and their methods of accessing data is a great place to start. One of the most important changes is the broadening definition of personal data. Under GDPR, any data that could feasibly identify an individual is now considered personal. This is all the more important because 81 per cent of all data breaches come from attackers using stolen credentials."

“Adaptive authentication gives organisations an added layer of protection to prevent the misuse of stolen credentials. CISOs should work closely with a range of groups within their organisations to understand how they classify and handle data. CISOs also need comprehensive knowledge of their business’ legacy practices. Due diligence requires these systems to be regularly tested to make sure they’re resilient and effective. These steps are critical components for successful GDPR compliance.”

Jed Mole, European marketing director, Acxiom

“It is good to see consumers taking data privacy seriously, though it’s important to understand, they do vary in terms of how they view this subject. The clear trend is towards greater real-life acceptance of data exchange as part and parcel of everyday life. This is good news for marketers who believe in data ethics and adopt the highest standards in data-driven marketing. Using data to drive more transparent value, treating people as individuals while giving them control especially as we enter the GDPR era, is key to achieving the win-win businesses and consumers really want.”