By Robin Schmitt
GM, APAC, Neustar
The changing posture of security threats – from networks to applications, disruption to data exfiltration and one-dimensional to multi-dimensional attacks – is driving an architectural shift in the security industry.
That, coupled with the GDPR, which will come into full swing on 25 May 2018, raises the question – who really controls your data? With consumer data used widely by retailers, from personalised advertising to loyalty reward programs, businesses will need to rethink the way they manage and protect personal data in order to comply with the GDPR.
While this will be a limiting factor in the use of consumer data, having a bulletproof cybersecurity strategy creates a prime opportunity for businesses to build better customer relationships, streamline IT and improve data management.
For a start, businesses need to ensure that all sensitive data is stored responsibly and securely in inventories that are regularly reviewed and updated. A crucial yet often overlooked point is having visibility into where multiple backup copies reside, to avoid being rendered non-compliant when customer data is required to be erased.
A Data Protection Officer (DPO) should also be appointed to articulate the lawful basis for any personal data processing, and to identify and mitigate associated privacy risks to ensure alignment with GDPR requirements. This role can be outsourced depending on the business’s IT requirements.
Lastly, existing privacy and security training needs to be enhanced to address GDPR-specific pain points. That training, along with robust technologies that safeguard critical information infrastructures, should be deployed in tandem to detect breaches and alleviate their impact when they occur.
This is not to say that GDPR compliance is a grim tale, but it does require a thoughtful review and refinement of data policies to ensure compliance with the stronger data protection framework in an increasingly global conversation.