Virtualization Technology News and Information
Only the third year of GDPR, but a legacy in the making


By Stephen Cavey, co-founder and chief evangelist of Ground Labs

Maybe the "terrible twos" are not as bad as we thought. The General Data Protection Regulation (GDPR) is about to enter its third year in effect. Since its relatively recent inception, the GDPR has become the gold standard of comprehensive compliance laws.

The GDPR has undoubtedly come of age since it replaced the outdated data compliance laws previously enforced in the European Union, such as the 1995 Data Protection Directive. The 2018 enforcement of the GDPR was a timely update: only about 0.5% of the world's population was accessing the internet in 1990, compared to 76% in 2015. Unquestionably, as the internet, big tech, and consumer awareness about data evolve, so will the GDPR and attention to consumer privacy in general.

How GDPR stacks up against other compliance regulations

The GDPR has inspired the world to take consumer data protection seriously. The guidelines, dense with 11 chapters and 91 articles, apply to any enterprise inside the European Economic Area (EEA) and to businesses outside the EEA that offer services or products to EU citizens. The law gives consumers autonomy over their personal information, such as the right to ask controllers to erase data under specific circumstances. The GDPR also holds companies accountable for disclosing when a data breach has occurred and for paying penalties for violations.

Countries such as Brazil (LGPD), Thailand (PDPA), and recently China (the "Draft", or Personal Information Protection Law) have mimicked the law, or are in the process of mimicking it, in their own citizens' best interest.

The GDPR has also influenced the adoption of comprehensive compliance laws in the United States. So far, California (CCPA) and Virginia (CDPA) are the only states whose comprehensive legislation has been enacted as enforceable law. However, it is only a matter of time before the U.S. must evaluate whether a patchwork of state laws is as meaningful and intuitive as one all-encompassing U.S. compliance law similar to the GDPR.

Data hygiene challenges in the new hybrid work environment

Currently, as employees emerge from a period of remote work and organizations begin to reintroduce them to the office, there is greater security risk, caused by the increased surface area of sensitive data spread across employee endpoint systems. Many employees have been remote for over a year now, but business has never stopped.

Employees have continued, and will continue, to handle sensitive or personal information daily in varying forms. The challenge that businesses now face is locating this data and verifying that it is secured: it is saved across local folders on workstations and laptops; in hidden, temporary and private folders; in cloud folders; and in copies shared via email and messenger apps. This data could be hiding virtually anywhere. The issue is exacerbated as organizations and their partners lean into hybrid remote work as a long-term operating model. For that reason, organizations located in the US or anywhere else that handle the data of EU citizens must take GDPR compliance seriously and give it a strong focus as they make plans to readjust their work environment.

2020 has illustrated that success hinges on a proper data management strategy that prioritizes security through protocols and processes that are flexible enough to pivot and survive even the most abrupt changes.

Organizations must stay in lockstep with GDPR

Privacy regulations like the GDPR have increased transparency and give consumers the ability to opt out of data sharing policies, but as the regulations grow in scale and complexity, organizations are exploring ways to meet these requirements without hindering business success. Forward-thinking organizations are installing solutions and processes to address the increased requirements around the handling and storage of personal data that each of these laws brings.

Most countries are in the process of implementing modern data privacy laws, primarily in response to the poor data security and privacy practices of the many companies that have collected, sold, or exploited consumer data. We are entering a regulatory era that will be heavily focused on privacy rights for individuals, and organizations that collect and use this data will need to set aside a budget specifically for ongoing compliance efforts.

Organizations must rethink their entire strategy around the collection, storage, and security of personal information, and take into account that the privacy regulations which apply are determined not by the country where a company is located, but by the countries where an individual's data is located.

Modern business practices must be adjusted to keep pace with data compliance expectations. Compliance with such requirements will require a completely different approach to how data security and data privacy are managed.

Whether your company is already compliant with the GDPR or is still working to improve its data compliance and security infrastructure, it is never too late to begin a regular cadence of ongoing data discovery scans. Such scans are one of the most critical approaches to establishing a baseline of all personal data across the business, so that the correct safeguards can then be applied to the systems and storage locations that are most at risk.

To build an effective data discovery strategy, businesses must take all previous assumptions off the table regarding where they believed personal data was stored and handled, and re-establish this knowledge using a ground-up, greenfield approach. From there, an organization can continue to stay up to date with compliance regulations and prioritize data security based on real evidence that is regularly produced by data discovery, before a breach occurs.
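As an added illustration of what a baseline data discovery scan does (example code written for this page, not Ground Labs' product and not code from the article), the following Python builds a constructed sample directory tree resembling an employee workstation, walks it the way a discovery scan would, flags files containing e-mail addresses or Luhn-valid card numbers, and reports which locations are new relative to a previous baseline. The detector patterns, the file names and contents, and the `scan_tree`/`diff_baseline` helper names are assumptions made for the example.

```python
"""Minimal personal-data discovery scan with baseline comparison.

Added example for illustration; not Ground Labs' product code and not from
the article. File names, patterns and helper names are assumptions.
"""
import os
import re
import tempfile

# Detectors: an e-mail pattern, and a candidate card-number pattern whose
# hits are confirmed with a Luhn check to cut down on false positives.
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Count personal-data hits by type in one file's text."""
    findings = {}
    emails = EMAIL_RE.findall(text)
    if emails:
        findings["email"] = len(emails)
    cards = 0
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            cards += 1
    if cards:
        findings["card_number"] = cards
    return findings


def scan_tree(root: str, skip_dirs=(".git", "node_modules")) -> dict:
    """Walk root and return {relative_path: findings} for files with hits."""
    inventory = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            found = classify(text)
            if found:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                inventory[rel] = found
    return inventory


def diff_baseline(previous: dict, current: dict) -> dict:
    """Locations holding personal data that were absent from the last baseline."""
    return {p: f for p, f in current.items() if p not in previous}


def build_sample_tree() -> str:
    """Create a constructed sample tree mimicking an employee workstation."""
    root = tempfile.mkdtemp(prefix="discovery_")
    files = {  # constructed sample contents; 4111... is a well-known test PAN
        "Documents/customers.csv": "name,email\nAlice,alice@example.com\nBob,bob@example.org\n",
        "AppData/Local/Temp/export.tmp": "card on file: 4111 1111 1111 1111\n",
        "notes.txt": "lunch at 12, order ref 1234567890123\n",  # 13 digits, fails Luhn
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    baseline = {"Documents/customers.csv": {"email": 2}}  # pretend prior scan result
    current = scan_tree(root)
    for path, found in sorted(current.items()):
        print(f"{path}: {found}")
    print("new since baseline:", diff_baseline(baseline, current))
```

The point of the `diff_baseline` step is the "regular cadence" the article asks for: each scan is compared with the previous inventory, so a card number that surfaces in a temporary folder the day after the last scan shows up as a new location to safeguard rather than being buried in a full report. A production scanner would add more detectors, binary and archive handling, and network shares, but the walk-classify-compare loop is the same.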


About the Author

Stephen Cavey, Co-Founder and Chief Evangelist at Ground Labs


Stephen Cavey is a co-founder of Ground Labs, leading a global team empowering its customers to discover, identify and secure sensitive data across their organizations. As the Chief Evangelist, he leads its worldwide product development, sales and marketing and business operations and was instrumental in extending Ground Labs' presence with enterprise customers. Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events on topics related to data security, risk mitigation and cybersecurity trends and futures. He started Ground Labs after holding engineering and leadership positions at Paycorp Holdings (now part of MYOB), a provider of integrated electronic payments solutions and Webpay, a payment services provider later acquired by Fidelity. 
Published Tuesday, May 25, 2021 7:30 AM by David Marshall