Three Years of GDPR: Has it Delivered on Its Promise?

By Rob Price | June 30, 2021 | Updated: May 2, 2025 | 5 Mins Read

In this data-driven world, culpability and legislation are crucial. More crucial, and not to be overlooked, however, is that they fulfill their purpose – improving overall data privacy and security. As of May 2021, three years have passed since the inception of GDPR, Europe’s data privacy and security law. Despite the flurry of activity that preceded its launch, which left IT professionals scrambling to ensure their organisations were compliant with the new regulations, millions of pounds’ worth of fines have been levied against businesses of all sizes. In fact, according to DLA Piper’s latest GDPR Data Breach Survey, there have been more than 281,000 data breach notifications since the legislation’s inception in 2018.

As a result, serious concerns have been raised over the legislation’s efficacy, and for many, this law has failed to deliver on its most basic premise. Gartner projected in 2018 that only 50% of organisations would be prepared for the impact of GDPR. Theoretically, this figure would have improved from then to now – after all, it has been three years. But with technology innovations and user behaviour in constant flux, and threats evolving at a frightening speed, is this a fair – or accurate – yardstick to measure organisations against?

The digital landscape is different now compared to 2018. Heck, it’s different now to how it was in 2020. Apples and oranges, you might say. Both government regulation and business strategy must now adapt, pivoting accordingly. It is for this reason that businesses must take the lead on the challenge of protecting their customers’ data, accepting and understanding the role they play within it as, evidently, state law isn’t enough. For this, the right tools will be critical.

Industries lagging behind

Driving the scepticism over GDPR’s effectiveness is the shift and evolution of people’s digital lifestyles. The rapid pace of tech innovation, increased reliance on data and growing cybersecurity threats have all been pinpointed as areas that have outgrown the blueprint launched in 2018. For IT leaders, the overwhelming feeling is that GDPR isn’t able to regulate the handling and protection of data in today’s updated and decentralised IT landscape.

Snow’s 2021 IT priorities report, which scoped the opinion of 1,000 IT leaders and 3,000 employees, shared a similar call for stronger rules and updated guidelines. This report found that 94% of IT leaders and 82% of employees believe more regulations are needed in the tech arena. Only 74% of the latter reported the same back in a 2019 global worker survey, highlighting how much has changed in a short space of time. More specifically, of those who do want to see more tech regulations introduced, the two leading areas brought to light were data protection and cybersecurity.

The doubtful advantage of market-expectation and compliance

It makes sense that data protection and cybersecurity would be high priorities for many individuals. Since the start of 2020 and the rise of the pandemic, a rapid and necessary shift to remote working took place. Not only that, but consumers were forced to conduct vast portions of their day-to-day routines through digital channels. As a result, both individuals’ and organisations’ digital footprints have expanded exponentially, and the end result is a stronger comprehension of the privacy pitfalls that come with such a strong digital presence.

Understandably, individuals are holding organisations that collect and store data responsible and accountable for their privacy. And a failure to either comply with regulation, or to ensure data protection in a more competitive marketplace, is a double-edged sword that businesses need to address. With consumers and employees now expecting a true hybrid proposition of both on-premises and cloud services, technology blind spots need to be mitigated as a matter of urgency.

A calculated, clever and connected ecosystem

To be truly disruptive and effective, businesses must be armed with the correct tools to manage compliance. And for this, the biggest asset will be visibility. Tools that provide visibility and manageability of an organisation’s entire IT ecosystem are vital. From that position of overarching insight, strategy and investment can be earmarked according to an informed roadmap, rather than adhering solely to legislation that you already know isn’t completely effective at this time.

Considering the hybrid IT era that is upon us, this enhanced visibility can help to connect siloes within companies, to give a unified view when it comes to data analysis and use, and to enable actual transparency with consumers, so they are comforted by the privacy protocols that are in place. With this conjoined, intelligent, and strategic ecosystem in place, organisations can truly protect personal data and keep customers safe, no matter how quickly the business world continues to evolve.

Company concern has evolved from one of tick-box compliance to one that balances both compliance and the need for effective data protection as a differentiator. The general consensus is that existing tech regulations aren’t enough in such a consumer-centric world where privacy and security are every bit as important to people as the service being provided. Businesses now must adopt a two-pronged attack where they continue to urge greater assistance from GDPR while investing in their own levels of visibility to keep up their end of the data bargain.

Rob Price

Senior Specialist Solutions Consultant and Global Lead for Risk & Compliance


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
