Ground Labs 2022 Predictions: How Brexit could shape the future of data compliance


Industry executives and experts share their predictions for 2022.  Read them in this 14th annual series exclusive.

How Brexit could shape the future of data compliance

By Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs

On January 31, 2020, the United Kingdom ended its membership of the European Union after 47 years. While discussions have taken place on how the two will handle trade, travel, and cooperation on many issues including vaccines, there is still no clear picture of how British data governance law will evolve from the existing UK GDPR.

The GDPR as a gold standard

The GDPR is seen as the gold standard of compliance laws. Since GDPR's rollout in 2018, the regulation has had a global impact on data privacy and security, catalyzing similar efforts from other countries such as South Africa and China. These regulations have effectively increased transparency, empowered consumers with the ability to opt-out of data sharing policies, and held businesses accountable for the sensitive data they collect and manage.

In the 2020 National Data Strategy, the UK's Digital Secretary, Oliver Dowden, said that, moving forward, he hopes national data governance is "not overly burdensome for smaller businesses" and "supports responsible innovation." The UK has therefore been attempting to lead the way in creating a common-sense data privacy regulation, which could broadly influence the evolution of future national laws.

Keeping the adequacy rule

Although applying the GDPR brings overall net benefits to consumers, some businesses consider it merely a nice-to-have addition to their data protection strategy, while others have simply found it difficult to fully comply with. On average, only 28% of businesses believe they are fully GDPR compliant. In the U.S., 35% of businesses believe they are compliant, and 33% do in the UK.

If the UK is able to find a simplified approach to implementing national privacy legislation whilst maintaining adequacy with the EU GDPR laws, we could foresee a future where other countries will consider developing similar approaches to data privacy that are less tedious than the GDPR and easier for companies to follow and meet. This would allow businesses to be more streamlined as they consider the data they store and process for decision-making and delivery of products and services.

To support its rationale for proposing changes, the UK government published a study that included a list of expected outcomes, quantifying the potential efficiency gains and cost reductions to business from adopting a revised approach, as well as the impacts on trade and other factors. It found that the direct financial impact on UK businesses, should adequacy not be maintained, is approximately £1.4 billion over five years. It is therefore a critical goal for the UK to strike a balance between simplifying the data privacy compliance burden on business and maintaining adequacy status with the GDPR.

Steps to protect data

We see data breaches monopolize news headlines regularly. In many cases, breaches happen to companies that did everything in their power to prevent one, including complying with data privacy laws. For example, in 2013, Target stated that it was in compliance with PCI DSS; despite this, hackers still found a way to deploy malware into its networks, and the industry has since questioned the validity of that claim.

The fact is, following rules and ticking boxes is not the same as practicing good data hygiene. And when it comes to keeping data safe, the bare minimum is not enough. Regardless of how legislation in Britain changes, businesses can deploy some fundamental strategies now to better protect private information.

The first of these strategies is knowing where all data resides - a process called data discovery. Having an understanding of where data lives enables businesses to look at their workflows, adjust where needed and minimize potential risk to the company. The best approach to data discovery is to schedule a regular cadence of ongoing scans, covering every endpoint to validate clean and secure data storage and handling practices.
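As an added illustration of the data discovery step described above (a constructed example written for this page, not Ground Labs' product or code), the following scanner walks a directory, reads each file line by line, and looks for candidate payment card numbers. It uses a digit-run pattern plus a Luhn checksum to filter out look-alike identifiers such as order numbers, and it reports only masked values so the scan output itself does not become a second copy of the sensitive data. The sample log lines and the card numbers in them are constructed test values.

```python
"""Minimal sensitive-data discovery scan: find Luhn-valid card numbers in text files.

Constructed example; the sample lines below are made up and the card numbers
are well-known test values, not real accounts.
"""
from __future__ import annotations

import re
from pathlib import Path
from typing import Iterable

# 13 to 19 digits, optionally separated by single spaces or dashes, not
# adjacent to other digits (so "2022-01-07 10" and short references are skipped).
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so findings can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_lines(lines: Iterable[str]) -> list[tuple[int, str]]:
    """Return (line_number, masked_value) for every Luhn-valid candidate found."""
    findings: list[tuple[int, str]] = []
    for lineno, line in enumerate(lines, start=1):
        for match in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if luhn_valid(digits):
                findings.append((lineno, mask(digits)))
    return findings


def scan_path(root: Path) -> list[tuple[str, int, str]]:
    """Walk a directory tree and scan every regular file; returns (path, line, masked)."""
    results: list[tuple[str, int, str]] = []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            # errors="ignore" keeps binary or oddly encoded files from aborting the scan
            with path.open("r", encoding="utf-8", errors="ignore") as fh:
                for lineno, masked in scan_lines(fh):
                    results.append((str(path), lineno, masked))
    return results


# Constructed sample input: two Luhn-valid test PANs, one 16-digit reference
# number that fails Luhn, and a phone number that is too short to qualify.
SAMPLE_LINES = [
    "2022-01-07 10:15:01 order=88213 card=4111 1111 1111 1111 status=ok",
    "2022-01-07 10:15:02 order=88214 ref=1234567890123456 status=ok",
    "2022-01-07 10:15:03 customer=alice@example.invalid phone=+44 20 7946 0000",
    "2022-01-07 10:15:04 card=5500-0000-0000-0004 exp=12/24",
]


if __name__ == "__main__":
    for lineno, masked in scan_lines(SAMPLE_LINES):
        print(f"line {lineno}: possible card number {masked}")
```

Run against the sample lines, the scan reports lines 1 and 4 only: the order reference on line 2 has the right length but fails the checksum, and the phone number on line 3 never becomes a candidate. In practice this kind of scan is scheduled (for example, nightly) over file shares, mail stores and endpoint home directories, and the masked findings feed a cleanup workflow; a real deployment would add more data classes than card numbers and rate-limit how many findings it reports per file.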

Secondly, businesses must invest in a champion of data compliance measures. This could take the form of a CISO, a virtual CISO (vCISO), a chief data officer or the like. Strong CISOs go beyond reactive defense and implement a proactive data discovery strategy, becoming a trusted advisor to the business.

Although an experienced data officer is integral to a robust data privacy plan, ensuring that employees are trained in privacy is equally critical. Often, employees are the gatekeepers between consumers and malicious actors. To this point, 73% of organizations experienced a serious data breach caused by phishing in 2021, highlighting how important it is for employees to be aware of their data handling responsibilities.

Looking ahead

The end goal for the UK, as Dowden has expressed, is to diverge from the EU's data protection expectations and reform British privacy laws so that they are based on "common sense, not box-ticking." As the UK begins solidifying these strategies and regulations, we can expect the rest of the world to be watching closely to see how they may also help businesses and regulators work in harmony to uphold consumer privacy.

Stephen Cavey, Co-Founder and Chief Evangelist, Ground Labs


As Ground Labs co-founder, Stephen Cavey leads a global team empowering enterprise partners to discover, manage and secure sensitive data across their organizations.

Stephen has deep security domain expertise with a focus on electronic payments and data security compliance. He is a frequent speaker at industry events such as PrivSec Global, and his expert analysis has been featured in media outlets including the Financial Times, Entrepreneur, SiliconANGLE, among others. He is also a member of the Entrepreneur Leadership Network and Forbes Technology Council.

Prior to Ground Labs, Stephen held leadership positions at Paycorp, an integrated electronic payments solution provider owned by KKR. Stephen also served in engineering roles with Webpay, a payment services provider later acquired by Fidelity, and Webtel, an early Australian ISP.

Published Friday, January 07, 2022 7:33 AM by David Marshall