It has been almost two years since the European Union’s (EU) General Data Protection Regulation (GDPR) first came into effect in the UK. Two years on, it is a great time for businesses to reflect on the steps they’ve taken so far, and to look ahead at the challenges of the future.
We spoke to our CFO and resident GDPR expert, Eddie Beaton, to find out more.
What have we learnt from the GDPR two years on?
“GDPR has brought significant changes to organisations’ data collection, storage, processing and disposal procedures. It has had an impact on obligations around personal data, privacy and consent, bringing regulation up to date in the digital age and putting consumers in control of their personal data.
The last couple of years have been a significant learning curve for many businesses. Some of the larger tech giants have felt the full effects of how seriously the Information Commissioner’s Office (ICO) are implementing their new regulations. Large financial sanctions have been imposed for breaches of data security, highlighting that the leniency period for GDPR compliance is certainly over for high-profile organisations – it could be suggested that legislation enforcement will only continue to ramp up.”
Why is GDPR still important to consider two years on?
“When GDPR came into effect it really reshaped the way in which data is managed, placing more responsibility on those who hold, process and control data. There’s no doubt that GDPR has been a force of good overall and prompted organisations to take privacy protection more seriously; generally businesses can now understand what standard is expected from them. However, just because GDPR has become more settled in practice doesn’t mean businesses are no longer at risk of significant financial and reputational damage.
As the ICO continue to enforce GDPR, their interpretations of its regulations will be demonstrated through the specific cases they choose to dismiss or penalise, potentially changing how standards should be applied in practice. We could still be years from legal certainty, meaning compliance with the regulations will require ongoing attention, bringing a fresh set of challenges for organisations.
“At Secura we understand GDPR compliance is not a one-time evaluation, but an ongoing approach that needs to be applied to business processes, and we take proactive and continual steps in ensuring we’re up to date and continually review new guidance and developments.”
How has GDPR changed the way we view data protection?
“Just two years on, we can already begin to see how GDPR is shaping the global privacy landscape, with countries such as Argentina and Japan publishing GDPR-style data protection bills. Another example is California; a hub for some of the world’s most influential tech giants, the state has aligned their own legislation in line with GDPR, with the new California Consumer Privacy Act coming into law in 2018.
I believe that moving towards the harmonisation of policies on data protection highlights the significant impact of GDPR since its implementation and the requirement for increasingly robust data protection globally – particularly where company activity crosses international borders. GDPR is the strongest data protection regime in the world, seemingly setting a ‘gold standard’ for many other jurisdictions to converge to more vigorous legislation. For me, this signals the beginning of a new privacy-focused era.”
How has GDPR affected cybersecurity?
“Data that businesses generate can be valuable, which unfortunately makes them prime targets for cyberattacks. With cybercriminals now using increasingly sophisticated ways of penetrating IT infrastructures, defending networks can be increasingly difficult.”
GDPR does not set specific directives on how IT environments should be designed or deployed; however, it does require businesses to do all in their power to
How should businesses keep up with the changes in legislation?
“At Secura, we rigorously monitor and update our services and certifications to ensure we remain GDPR compliant. The online security and privacy landscape which GDPR relates to is constantly evolving; this is an area that requires constant attention and prompt action.
The development and implementation of GDPR compliance models must be viewed as an ongoing task, rather than a singular one to be completed and forgotten about. These models need to be tested properly, and organisations need to conduct routine assessments to consider whether business processes remain aligned and effective. In some cases, organisations may not dedicate enough resource to this, and time that should be spent proactively monitoring systems ends up being used to resolve mistakes instead.
Adopting robust security practices and technology, such as Secura’s Web Protect solution, which includes data encryption, can help to provide an additional layer of defence against malicious activity, and represents a positive step towards compliance, allowing your business time and focus to be spent on day-to-day operations.”
How will Brexit affect GDPR?
“The Government has long been committed to maintaining high standards of data protection and harmonising these with the EU. The UK has agreed that GDPR will be absorbed into UK domestic law as part of the UK’s withdrawal agreement from the European Union, so disruption to the regulation should be minimal.”
How can businesses ensure data and online services are protected?
“For many businesses GDPR assessments can be a tedious process. At Secura, we take the time to ensure that the online security services we deliver to our customers align with regulatory compliance. With every new engagement with prospective customers, security of the platform is a key focus. Secura’s sales process will always include analysis and review of the current and proposed security tools incorporated to protect the infrastructure.”
“Secura offer the Web Protect suite, a complete online security package that blends together industry-leading network security and web service protection technologies within a fully managed service. Enhancing the cloud security of the Virtual Private Cloud and our managed Azure platforms, the Web Protect suite is designed to protect the performance and data of critical online applications. It is ideal for companies running mission-critical or revenue-generating applications, providing defence in depth and the peace of mind in knowing Secura will manage the entire solution for you and help your business remain secure and GDPR compliant.”
Where should businesses focus their efforts moving forward?
“The GDPR is certainly not a regulation that stands still. The world of data protection and privacy promises to be a busy one throughout 2020 and for years to come. Going forward, it will be critical for businesses to keep up to date with regulatory guidance and enforcement decisions in order to know when internal processes may need updating. Demonstrating GDPR compliance means companies reduce organisational risks and build greater relationships and levels of trust with their customers. Choosing the right cloud partner can be hugely valuable to companies in light of GDPR.
Secura are committed to delivering the highest standards of service to our customers, with a strong focus on supporting our customers with online security and GDPR compliant services.”
We hope this Q&A was helpful and as always, if you have any questions, don’t hesitate to get in touch with one of our knowledgeable team.
Please note this blog post has been written for information purposes only, to raise awareness of these issues and prompt a more detailed investigation. Its contents should not be relied upon in any specific situation without taking relevant legal and professional advice.
Hannah is the Marketing Executive at Secura, helping the team deliver our campaigns and digital marketing with acute accuracy.