In today’s digital world, there are so many security risks posed to data. These are not just related to technology, but also to people, markets, skills shortages, resistance to change, organisational culture, and more. This poses a major challenge for organisations in legally adhering to data protection legislation.
From May next year, the legislative landscape related to protecting data is changing. This is because the EU General Data Protection Regulation (GDPR) will be coming into force. GDPR is a legal regulatory framework, which will apply to all organisations and businesses.
Data security is a keen interest of mine. Recently I attended the North West Data Forum in Liverpool. Organised by Gardner Systems, the forum looked at the imminent introduction of GDPR, as well as how technology can assist organisations with ensuring they are compliant. Having previously written about other Gardner Systems events on data security, I was extremely keen to find out more about GDPR for myself. I am delighted to say that I came away afterwards feeling the forum to be worthwhile, informal and useful.
The forum consisted of three speakers, followed by a panel discussion. The speakers were Grant Caley from NetApp, John Hughes from Varonis and Paul Stringfellow from Gardner Systems. Each talked about how technology can assist organisations with ensuring that they can become legally compliant with GDPR. For me personally, there was so much that I learned from all three speakers, not only about securing data, but also about how technology can help with complying with legislation.
Below are some of the key points that I learned:
- Recognise and understand the value of the data you hold.
- Challenges posed to data security extend beyond IT (Information Technology).
- Fewer embedded skills within organisations make them more vulnerable.
- Data needs to be maintained, transferable and also made portable.
- Explicit permission is required when transferring data.
- Technology only helps with ensuring compliance.
- Important to think about security when designing and developing solutions.
- 70% of security breaches went undetected for a year.
- Data access needs to be not only secured, but also monitored and analysed for abnormal behaviour.
- Security must work for people, as they use the technologies.
- Educate people on general principles on why data security is important.
- Important to collaborate with others.
The panel discussion was very thought-provoking, with the audience asking pertinent questions related to GDPR. In addition, the discussion also allowed for the audience to submit questions through Twitter. Sensing an opportunity, I submitted a question, asking if GDPR would still apply after Brexit. The response I received was an unequivocal and resounding yes from the panel, in that GDPR will apply to the UK after the conclusion of Brexit. I learned this is because the legislation will apply to any organisation or business that collects and holds data on EU citizens. Furthermore, the panel explained to the audience that my question has constantly been asked by audience members at other GDPR-related forums and seminars. Therefore I was delighted to have asked a meaningful question that is relevant today.
I would like to thank everyone at Gardner Systems and all the speakers for a very interesting forum. As well as meeting fellow IT professionals, I found the experience to be very educational, and a valuable investment in my own knowledge and understanding of the importance of data security and GDPR. I was also impressed by the technical insight of Gavin, John and Paul, and I felt privileged to listen and learn from three knowledgeable professionals.
With regards to GDPR, look out for my next article. This is because I shall be writing in more detail about what it is, and how it will affect organisations.