Virtualization Technology News and Information
Data Privacy Taking Center Stage During a Pandemic


By Stephen Manley, Chief Technologist, Druva

Since GDPR went into effect two years ago, the public has become much more aware of who has data about us and how they use it. Now, in the midst of a global pandemic, concerns about privacy have increased ten-fold. 

Many organisations have suggested that GDPR enforcement should be relaxed to support the battle against COVID-19. They are already struggling to support a remote workforce, and they do not want to delay tracing and health monitoring initiatives. Consumer advocates say that only a stronger commitment to privacy will convince the populace to trust organisations with their data. They say that the pandemic will pass, but the decisions made now regarding personal data and privacy may have long lasting and far reaching effects. 

Given the debate, the existence of GDPR has never been more important than it is right now. As advocates on both sides of the privacy argument are taking increasingly extreme positions, regulations like the GDPR can provide a trusted middle path. To protect customers and employees, we should stop debating GDPR and focus on how to meet the standards that people have come to depend on.

Data privacy begins with data management

As our understanding and governmental regulations around COVID-19 evolve and diverge, businesses know three things. First, agility and flexibility are more important than ever. Second, they will need to store, retrieve and delete personal data quickly, regardless of the location or data type. Third, they will need to automate, so they can react and scale. 

To thrive in the current world, a business needs a modern data management strategy. Fortunately, even with a remote workforce, it is possible to follow the three steps to build a data management platform. First, centralize management while distributing the data storage to support data residency laws. Second, leverage the cloud to connect to remote workers and IoT device data in their local regions. Third, extract and enrich the metadata, so you can manage access control, and then optimize search and retrieval. Once customers can "get" all their data, and use metadata control who "sees" it, they are prepared to "use" the data to meet privacy regulations.

Organizations then automate their privacy management. Automation is the only way to handle the increasing amount of scrutiny around privacy over the next 12-18 months. Companies have already begun building tools to search and retrieve information for privacy requests. By automating the right to access and right to be forgotten, companies remove the intense manual labour involved in searching through every file, message, and database record.  

GDPR today and in the future

Organizations should use GDPR privacy regulations as a baseline to maintain trust with regulators, customers, and employees. In a complex time, teams need clear requirements and priorities. 

First, organizations need to address remote work because decentralization will only increase. Remote workers now send sensitive data via messaging tools like Slack, Zoom and Microsoft Teams and store it on local laptops or SaaS data stores. The data needs to be protected from leaks and cyber-attacks. Until SaaS applications, messaging applications, and endpoints are treated as first-class citizens in the data management strategy, companies are at risk of violating GDPR. Fortunately, a cloud-based data management system can easily manage information outside the data center.

Second, organizations must prepare for the new privacy challenges that come with people returning to work. Health officials will require businesses to test and trace employees, external visitors and other workers entering their buildings. Privacy regulators will still expect the organization to manage this personal data, regardless of how new or massive. Therefore, they will need a data management platform that can scale and react quickly. The automated GDPR processes in the cloud will provide the baseline of their implementation. 

Few could have envisioned the world fighting a pandemic, and even fewer were prepared for its impact on government regulations and data management. As government agencies are exploring any and all options to protect citizens from COVID-19, we cannot forget the importance of data privacy. Conversations around privacy and health will become more intertwined, and regulations like the GDPR (and new ones like CCPA) can provide a framework for both consumers and businesses. As we reflect on the last two years of GDPR and look ahead to the future, let us use this anniversary to build greater trust with employees and customers so we can navigate an unknown future together.


About the Author

Stephen Manley 

Stephen delivers solutions to help customers extract the full potential of their data. In leading development of data management capabilities for startups and serving as CTO of the Data Protection Group at Dell EMC, Stephen found his passion in partnering with customers to solve data protection challenges for today's enterprise and evolve modern data storage. He also spent time at NetApp as a senior technical director of data protection. Stephen is excited to connect with new customers and technology to transform how people protect, preserve, and use their data.
Published Monday, May 25, 2020 7:32 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2020>