
COMMENT: GDPR turns 5

May 2023 by Experts

Tomorrow marks five years of GDPR. In the years since, organisations have grappled with how best to comply and are continuing to face new challenges as technology evolves. Below, Andy Robertson, Head of Enterprise and Cybersecurity Business at Fujitsu UK and Ireland, and Gert-Jan Wijman, VP of EMEA at Celigo, look back at the regulation's impact and what the future holds.

Andy Robertson, Head of Enterprise and Cybersecurity Business at Fujitsu UK and Ireland: “Once a compliance headache for businesses, GDPR has since been emulated by similar legislation in other parts of the world. Simply put, data regulations are here to stay.

“In addition to safeguarding corporate and personal data, protocols have also brought about significant organisational changes. Many have been forced to examine how well they are managing and using data and, like a ruthless spring clean, have been able to cut down on unnecessary data they were paying to store. Regulation has also helped to level the playing field by ensuring data use is standardised and nobody can gain an advantage through its unethical use, for customer targeting, for example. GDPR has given companies the chance to tangibly show consumers they can be trusted, and it’s positive to see how hard they have worked to be compliant.

“Going forward, the rise of AI-driven cyberattacks will make data protection all the more critical. Generative AI platforms have the ability to create cyber security attacks, which means even those with very little cybersecurity and computing experience can carry them out. To combat this, organisations must identify equally sophisticated methods to protect themselves and their information. At the same time, they must review their high-level accounts, who has access to them and when the passwords were last changed - taking a strict approach to Multi-Factor Authentication and Conditional Access. New technology creates advanced avenues for bad actors, and shutting these down as they emerge – or beforehand when possible – is always a big challenge. While AI may be the technology that’s being talked about now, there will inevitably be another down the track and GDPR will need to be adapted in kind.

“Similarly, with so many businesses investigating the use of AI as a productivity tool, there may be a need for rules that dictate how data can be used by these different platforms. As some rely on user inputs to train the software, one wonders whether this would constitute a breach of GDPR if a particular tool was used to reformat or analyse sensitive information.”

Comment from Gert-Jan Wijman, VP of EMEA, Celigo

“GDPR’s introduction five years ago was an important step for data privacy in Europe, needed to keep up with technology’s rapid sprawl and privacy concerns that had plagued consumers. With so much corporate and personal data moving between systems, regulating this exchange was inevitable.

“But in the years since, complying with new laws and updates to existing regulation has proven a challenge. Ensuring data use is compliant is hard enough when an organisation is only in one market – more so when it’s spread across the continent and different rules need to be adhered to. Some countries have stricter enforcement than others or differing complementary privacy laws, and relying on people to ensure compliance is sustainable. It’s a job that’s menial, repetitive and can be overwhelming, with any human errors putting firms at reputational and financial risk. For example, if a business receives a request from a customer that they want to opt out of a service and request the right to be forgotten, removing their details from one system and having others automatically follow suit is more efficient and failsafe than individually finding and deleting their details on each and every system.

“Integration ensures that data can be kept in sync and standardised across linked applications and departments, so customers can be assured their data is only being used in line with existing usage rights and hasn’t unintentionally been fed into - or left out of - a particular platform. And if they ask for the personal data being stored on them, workers won’t need to sift through different systems because information should be the same in every system.”

