Now the May 25th deadline is safely behind us, companies all around the world as finding out just how to cope best with a GDPR-ready world.
With its range of ID and authentication management services, Okta is set to play a leading role in helping with this transition, particularly with organisations that may need to address dealing with data requests from employees or customers.
"We can't solve all the problems, but at least we can give folks a chance,” Chris Niggel, Okta’s head of security and compliance, told ITProPortal at the company’s recent Oktane18 conference in Las Vegas.
Niggel notes that Okta has been preparing for GDPR for over a year, as it looks to address potential needs from customers of all sizes. He names two approaches to GDPR, one that looks at a company’s readiness to deal with requests concerning its data, and the other concerning specific products or services, where issues may now arise on what data is stored where.
However he is not in any means negative about the possible ramifications of GDPR, stating that, “it’s not going to be a bloodbath.”
"The best action a company can do is to make sure they are prepared to respond to subject access request...responding quickly to those, within the 30 day timeline, that's going to ensure that, at least in the regulators eyes, you are making a strong attempt to comply to GDPR and that's going to significantly reduce the risk of an organisation getting one of those fines."
Niggel did predict that any GDPR fines may trigger “a second wave of awareness to compliance," but that in today’s privacy-conscious world, this would unfortunately be the new normal.
This would be particularly true for US companies, which will need to also ensure they comply to GDPR if any of their operations, employees or customers are located in the EU.
As Niggel notes, "we are going to need some of global harmonisation in order to support global business...every company operates internationally now due to the internet."
However following the Cambridge Analytica scandal and Equifax data breach, American consumers are increasingly more privacy-conscious, with companies like Okta needing to cover this concern.
"We're seeing more and more importance not only placed on identity, but the concept of identity is also expanding," Niggel says, noting that Russia and China in particular are introducing more and more legislation.
"It's going to be interesting to see how folks react,” he adds, “Y2K came and went, and we didn't notice it, but it had a significant impact...GDPR is going to have a similar effect."