It’s hard to believe that the General Data Protection Regulation (GDPR) has been enacted for almost two years. Since then, California, New York, Maine and Nevada have all passed similar laws. As anyone familiar with the subject could have expected, many organizations are still lagging behind when it comes to protecting user data.
And it’s not a matter of company size — earlier this year, we saw Google fined $57 million and British Airways fined $237.8 million for failing to comply with GDPR requirements. Though this may be a drop in the bucket for these billion-dollar companies, it does send a clear warning for other companies to act quickly or face the financial and legal consequences.
We live in an age when the amount of user data is scaling at an exponential rate. With such an overwhelming amount of data, one of the greatest challenges for companies is how to easily see what data they are taking in, where it is being stored, and how it is being stored. True data visibility should be the ultimate goal of organizations looking to maximize their understanding of data consumption.
Here are some steps toward achieving the goal of true data visibility:
—Identify all sources of data within the organization. Emails, browsing histories and enterprise applications generate massive amounts of data. Knowing where that data comes from is the first critical step to taking control.
—Understand the requirements for each data source. Another challenge to managing big data is that it comes from a variety of sources. GDPR requires that some data have assigned pseudonyms for an added layer of consumer privacy. By understanding the different sources of data, companies can better anticipate what requirements are necessary for each piece of data.
—Integrate processes to take control of data security. It’s widely accepted that inevitably all businesses will migrate from traditional data servers to cloud-based data servers. These cloud-based data servers are built to ingest petabytes of data, privatize it, correlate it and score the risk so that a company can more effectively control processes with real-time situational awareness.
When GDPR came into effect, web users noticed an overnight uptick in the number of boxes they must check when visiting a website. While the inconvenience is minor, the result had major implications for protecting user data. Consumers increasingly want to know what information is being collected from them, why and — most of all — how it’s being used. This newfound awareness has added to the pressure on companies to demonstrate compliance and increase transparency with their users. And for many organizations, it’s just as much about reputation as it is return on investment.
As consumer privacy demands grow louder, transparency will become expected in a matter of time. It will influence consumers’ decisions on where to spend their money and their loyalty.
The Information Commissioner’s Office reported a total of 4,056 data security incident reports in the second quarter of 2019, up from 687 in the previous year. This presents another challenge for organizations looking to minimize risk.
At present, there are two main paths toward achieving compliance and reducing the number of reported incidents – manpower or automation. Organizations can monitor and react to data breaches more quickly by hiring enough people to focus specifically on data security. But with today’s software offerings, leadership can leverage new capabilities such as automation to put a more efficient system in place for protecting sensitive data.
The GDPR is only the beginning of consumer data legislation. Soon after GDPR was passed, Canada enacted its equivalent — the Personal Information Protection and Electronic Documents Act. States throughout the United States are drafting their own legislation as well. California was the first, drafting the California Consumer Privacy Act that will go into effect in January 2020.
Each of these acts has varied implications for organizations of all sizes. The best plan of action is to take the proper steps toward compliance today in order to minimize risk in the future.