GDPR – opportunity, not threat

GDPR has increased demand for data protection processes that are flexible, autonomous and easy to use. Debbie Garside, Group Chief Innovation Scientist at Shearwater Group and CEO of Geolang, explains

Since GDPR came into force, businesses handling personal data have turned their attention to processes that protect sensitive information by design and by default. This was a key innovation in the legislation and has extended data protection from a technical issue to a matter of process and psychology at all levels of the business; including every employee by default.

In a data-centric economy, identifying and categorising different types of data is an enormous task. The Information Commissioner’s Office (ICO) expects enterprises to know where sensitive data is located and to take steps to prevent its theft, loss or unauthorised access; yet, over a year on, and still many organisations are failing to implement even the simplest ‘technologies’ to assist with the task.

Reportedly, 96 per cent of data breaches are accidental; however, breach-reporting deadlines and potential fines apply, regardless. With the reported £183 million penalty indication for the BA data breach from the ICO this week, these penalties are no longer a figment of what might be, but indicate, rather, what will be, if organisations do not take care of their data – board-level culpability will undoubtedly ensue. This will serve as the much-needed catalyst to fully support those CISOs, CTOs and CIOs who are still having difficulty persuading boards of the risk not just to their data, but to the business as a whole.

As a data discovery and data protection company, GeoLang has seen increased demand for our systems, because we find and categorise data both autonomously and in real time, with the flexibility to apply different policies to different data. This prevents – for example – the emailing of a client contact list to the wrong recipient or alerts if any proprietary information is copied to a USB drive. In addition, flexibility and ease to search for personally identifiable information (PII) across the enterprise is key to servicing Subject Access Requests (SARs) and we are seeing a plethora of requests for GeoLang technologies to assist in such cases.

Each client has a different set of requirements, with many different operating systems and repositories making up the average enterprise. A flexible, agile approach is a necessity and we work hand in hand with clients in the development and deployment of our solutions; there is no ‘one size fits all’ or a ‘silver bullet’ solution, and our personalised service is proving to be both an asset to our customers and to us, as it supports our product development lifecycle.

One of the fears in the lead-up to GDPR was that the regulations would decrease productivity, tying up businesses with extra administrative work. The reality is somewhat different. Increased opportunities for innovations around technologies that protect sensitive data and clients’ rights are offset by organisational and digital resilience that future-proofs the enterprise, leading to increased competitiveness and growth.

As originally published on https://www.btc.co.uk/Articles/index.php?mag=Security&page=compDetails&link=9961