dcn-eu logo
Story image

Data Protection Day needs to be an everyday thing

29 Jan 2019

Article by Imperva EMEA regional vice president Spencer Young

Today marks the 13th annual Data Protection Day, a day aimed at raising awareness and promoting good data privacy practices around the world. 

The past year saw vast changes impacting the UK’s data protection landscape, not the least of which is due to the EU’s General Data Protection Regulation (GDPR) officially coming into play. The regulation means that regardless of the industry or location, any business that holds and processes personal data must prioritise data protection.

The fines associated with non-compliance are hefty, to say the least, and the potential damage to the brand’s reputation can be even costlier. Yet, we have seen big brands including the likes of Google tripping up on their data protection journey. Where are companies going wrong in getting data protection right?

1/ Finding the data is not easy

Data protection is complex and involves multiple teams, technologies and systems to work together.

One of the first hurdles IT teams face is in conducting a Data Assessment Report, which requires organisations to locate any personal data they are holding and document how the data is collected and processed. This detailed assessment must be kept current and ready for regulatory inspection or compliance audits.

However, many businesses find it challenging to locate that data. When you are a large enterprise, this can take more than just a call to your IT department and can take weeks – even months – of investment.

2/ Not having the right technologies in place

Perhaps most significantly, regulations require any company that experiences a data breach to publicly acknowledge the breach and notify the local Data Protection Authorities (DPA) in the member states where the people affected by that breach reside.

Businesses must notify the DPA’s within 72 hours of identification or confirmation of the breach. They must be able to tell them what data was breached, how many records were taken and provide a member-state specific report around the infringement. 

This requirement means all businesses need to be able to understand who accessed the data, what activity they performed and when they performed it. Any organisation without strong technology solutions in place will struggle to provide the requested information within the 72-hour window.

3/ Failure to govern data access

Limiting access to certain information and making sure that access is authorised and reflects any changes within the business is a critical step in data protection that many companies tend to neglect.

It's important to analyse policies on data collection, handling, test data usage, data retention, and data destruction. At each point, access must be on a need-to-know basis. Users should not be allowed to accumulate access rights as they are promoted or move laterally within an organization. Privileged accounts, including DBAs, Admins and Service accounts should be carefully monitored to ensure they are not used to bypass policies.

Not doing so will inevitably lead to disastrous consequences.

There may be many reasons why an organisation’s data protection strategy is not up to par, but they will reside somewhere within having inadequate or ineffective processes, people, and technology. It is critical to be aware of potential pitfalls and actively work towards more robust data protection practices.

GDPR or not, Data Protection Day should be every day in our data-driven business landscape.

Story image
Intel rolls out additions and enhancements to 5G network infrastructure offerings
“When you consider the collective impact of the proliferation of fully virtualised cloud architectures combined with the commercialisation of 5G, the rise of AI and the growth of the edge, it truly has a multiplier effect that makes each more impactful than it would be on its own."More
Story image
Microsoft, Verizon join forces to accelerate delivery of 5G applications
“By bringing together Verizon’s 5G network and on-site 5G Edge platform with Microsoft’s expertise in cloud services, we will enable the development of the next generation technologies everyone has been envisioning.”More
Story image
HPE awarded $160 million contract to build supercomputer in Finland
The supercomputer, which is referred to as ‘LUMI’ by EuroHPC JU, will help European researchers and private and public organisations significantly advance R&D and drive innovation in areas such as healthcare, weather forecasting, and AI-enabled products.More
Story image
Alkira raises $54m to expand cloud networking IaaS exchanges
The Alkira team of Amir and Atif Khan have a strong track record and approach to network cloud that could be ‘more disruptive than SD-WAN’.More
Story image
QNAP launches smart edge PoE switch for Wi-Fi 6
The QGD-1602P includes multiple 2.5GbE MultiGigabit ports, 10GbE fibre ports and up to 90 watts PoE power.More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More