Experts Comments:
Chris DeRamus, Co-founder and CTO at DivvyCloud:
“Since GDPR was implemented a year ago, it has sparked inspiration around the globe for similar data privacy regulations. We have already seen a few companies hit by GDPR fines, and they were far from frivolous. In fact, research from DLA Piper in February 2019, revealed that there had been a total of 91 fines issued under GDPR, a number which has since grown. Google has faced the highest fine yet, with its violation around lack of transparency costing the company €50 million. In the coming months, even more companies are likely to face fines, especially as the regulatory landscape grows in complexity and companies struggle to comply with varying standards applied to them in different regions. It will be challenging for all of these governing entities to find common ground and it’s not likely we will see each of these new regulations brought together into a universal system for many years, if ever.
Now is the time to make sure the monitoring and enforcement of compliance policies in the cloud is automated, making it easier to adjust as standards and regulations become even more complex. Companies operating in cloud environments are especially susceptible to falling out of compliance, due to the rapid rate of change, the complexity of the technology, and large number of cloud users. Developers and engineers are increasingly using a diverse set of cloud services and making changes to existing services at great speeds. They are rarely educated on all of the regulations their company is subject to or how to configure cloud services to be compliant. Leveraging a flexible compliance automation tool that can be adapted as new regulations and policies come into play is the best way companies can ensure compliance now while preparing for more changes to come in the future.”
Steve Armstrong, Regional Director at Bitglass:
“Amid much fanfare GDPR came marching over the horizon with bundles of confusion, poor interpretation and the usual “silver bullets” from the technology world. Outside of many technology companies extolling “the” solution to make organisations GDPR compliant (which frankly is a pure figment of their marketing team’s imaginations) there have been some interesting consequences of GDPR. I’ve seen a slow death of free services – once the consumer was the product; now that data collection is much more restricted there has been a marked changed in the way data-based business are able to monetise their consumer data – consequently services have been less personalised. From a technology perspective, organisations are being far more diligent on contracting terms and getting a clear understanding how their data is being handled by their tech partners and ultimately what jurisdiction the data is being processed in. The C-suite has now much more responsibility for customer data protection. This likely caught many organisations off guard; but on the plus side it has broadened the conversation about data security from something the guys in the basement did, to a board level addressable issue.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.