Tech Experts Discuss 3-Year Anniversary of GDPR

The 25th of May marked three years of General Data Protection Regulation in the UK, with concerns of cybersecurity on the rise.

The UK’s Data Protection Authority, the Information Commissioner’s Office recently published data between the 1st of July and the 31st of October. It showed the ICO received 2,594 data breach notifications, with the EU data protection authorities having made over 700 enforcement actions.

Tech experts discuss data

In response to this, there was a collaborative article written, featuring many tech experts’ knowledge. Faisal Abbasi, managing director EMEA at Amelia, spoke on how companies must manage sensitive data.

He said, “For customer-facing organisations across finance, banking and insurance industries – and increasingly in healthcare too– data-related challenges are only becoming more complex, as more data is generated to define business needs, and more people now conduct their work and home lives from personal devices.”

He also noted that failure to securely manage this personal data can be costly and damaging and can lead to a breach. He said, “That’s why in many regulation-heavy industries, like banking and insurance, we’re seeing an uptick in the number of organisations deploying AI-powered digital employees to augment the ability of human employees when handling sensitive data.”

Abbasi also stated that these ‘digital employees’ can act as ‘whisper agents’ to guide their human counterparts through specific rules and processes. He noted that this can significantly help with lowering the chance of human error when dealing with privacy risks and prevents the unauthorized sharing of data.

Liz O’Driscoll, Head of Innovation at Civica, spoke on the importance of having the public’s trust when it comes to data privacy. She said “Be it personal banking details or mRNA vaccine codes, personal data is extremely valuable, making privacy all the more important. Through increasing innovation, we’re getting better at protecting that data and using it as a force for good. This is improving citizen trust at a time when the pandemic has fuelled government reliance on data to get critical information and services out to the general public.”

She also said that when GDPR was introduced it ensured companies put data privacy first, to help build trust with the public. She said “In strengthening citizen trust, person-centric services will become more important. These services can adapt and respond to our preferences and provide earlier interventions for those most in need.”

Declan Dickens, Senior Manager, Northern Europe at Checkmarx, said there was still a lot needed across the board for accountability of data privacy. He said “A new report noted that over 661 fines have been issued since GDPR became enforceable, totaling €292 million – a concerning number. It’s important that both lawmakers and organisations don’t become complacent in this critical effort.”

He also spoke of the issues of fragmentation and grey areas still within the GDPR , he noted GDPR and data privacy should be a “living, breathing initiative”. Dickens also spoke of how organisations need to align themselves with GDPR requirements.

He said, “For those looking to remain compliant, we suggest they firstly follow the ‘privacy/security by design’ rule – ensuring data security and privacy are considered during the planning stage of any product or solution, as opposed to during development – to safeguard data from attackers by default.” He also said for existing operations, companies have to sniff out any weak points in how their data flow is processed by performing gap analysis.

Chris Huggett, Senior VP, EMEA & India at Sunguard AS stated remote working means new data privacy challenges. He noted that the pandemic has brought on a dramatic increase in cloud spending, he said, “while hybrid and public cloud solutions have been the natural choice in this case, organisations need to be aware that a distributed model of data storage presents a challenge to one of the key facets of GDPR compliance: knowing exactly where data is.”

He also noted that organisations transitioning to the public or hybrid cloud must ensure visibility is not sacrificed. He said “The GDPR is now driving uptake of managed sovereign cloud solutions, along with
other factors such as cybersecurity and the uncertainty around data transfers post-Brexit. Such solutions are critical for helping close the widening gap between operational flexibility and regulatory compliance, provide businesses with peace of mind when migrating to the cloud.”

Adam Mayer, Senior Manager at Qlik, spoke on the value of data to modern businesses. He said, “Real-time data is one of the most valuable resources for modern businesses, empowering organisations to make the right decisions in the right moment according to customer needs.”

He also noted that this speed of data transfer cannot be at the expense of customer privacy and that companies need good governance of how they collect, use and store data, with particular note to personally identifiable information (PII). He said “Understanding the data lineage, managing access through a data catalogue, as well as providing data literacy education so employees understand how to responsibly draw from and use different data sources, are all key to ensuring that operating at the speed of business won’t contribute towards creating new compliance concerns.”

Mayer also said that this new volume and speed of data transference encourages companies to detach from traditional approaches to governance and think about how analytics itself can aid compliance with GDPR. He said ”

He said “Analytics programmes can help IT teams visualise and manage who has access to what information and if that remains relevant to their role. For instance, this could be through bringing together disparate data sets on user access controls and HR lists of leavers, starters and changers to ensure that there are no anomalies where people retain access to information that is no longer appropriate to their role.”

Finally, he said “Analytics can also help proactively manage data retention policies, so personal data isn’t held for too long, i.e. when it is no longer needed after form processing, or held without consent. Analytics platforms can assess when to dispose of personal data in a timely and safe manner. This can ultimately help businesses introduce real intelligence into the management of data privacy to reduce the risk of human error and streamline processes for IT teams.”