Data Privacy Day: Why data privacy is more important now than ever before

By Chris Huggett, Senior Vice-President of Europe and India, Sungard Availability Services

Since the last Data Privacy Day, we’ve seen a number of firms around the world demonstrate a lack of care when protecting people’s data. In fact, some have gone as far to do the opposite, by selling data to third-parties and breaching the EU’s data protection rules due to a lack of transparency, inadequate information and lack of valid consent regarding ads personalisation. This, under the EU’s General Data Protection Regulation (GDPR) rules, has seen Google punished with a £44m fine, the largest punishment to date following the compliance deadline last year.

GDPR was the main discussion point on last year’s Data Privacy Day and the failure of huge organisations to comply by the rules means that this year should focus on the lessons learned.

GDPR sent organisations across Europe into a tailspin over their data storage and privacy procedures, and months on, only 59 percent of companies believe they are GDPR-compliant. The amount of data we produce every day is truly mind-boggling. There are 2.5 quintillion bytes of data created each day at our current pace, and that will only accelerate with the growth of the Internet of Things (IoT). Over the last two years alone 90 percent of the data in the world was generated.

To be compliant to GDPR rules, businesses must identify where personal data is being collected or acquired, the purpose for which it is being processed, and whether this data is shared with any other organisation. If this information is not currently available, a detailed investigation will be required so that all personal data and its flow within the organisation is accurately mapped.

A growing issue, as shown by O2 and TSB in the past twelve months, that is often overseen in terms of GDPR is the result of an IT outage. There is no point in having resilient hosting and secure clouds if employees can’t connect to it during an outage. As a server or organisation’s infrastructure is down, data is then at risk to exposure and therefore a company is at risk of failing compliance.

Securing your business and personal information — the focus of Data Privacy Day on January 28 — takes diligence, consistency and maintenance. When an outage occurs, businesses must know exactly how to react immediately. An outage requires an immediate response from every part of a business. IT and business teams will need to locate and close any vulnerabilities in IT systems or business processes and switch over to Disaster Recovery arrangements if they believe there has been a data corruption. Business units need to invoke their Business Continuity Plans and organisations need to stand up their executive Crisis Management Team.

An organisation’s speed and effectiveness of response will be greatly improved if it has at its fingertips the results of a Data Protection Impact Assessment (DPIA) that details all the personal data that an organisation collects, processes and stores, categorised by level of sensitivity. If companies are scrambling around, unsure of who should be taking charge and what exactly should be done, then the damage caused by the outage will only be intensified.

Data Privacy Day is a great opportunity to expose unknown risks that organisations face but moving forward it is vital that business leaders embed privacy into every operation. This is the only sustainable way to ensure compliance on an ongoing basis. GDPR has simply set the bar higher of all of us and it is going to stay there for the foreseeable future.

If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at [email protected] or on Twitter: @SimonCocking