EDITOR’S QUESTION
ANDRZEJ KAWALEC, DIRECTOR
OF STRATEGY AND TECHNOLOGY,
EUROPE, OPTIV
A year ago, organisations were hurriedly reviewing policies,
security procedures and mining their marketing databases in
a desperate bid to be GDPR compliant before the deadline.
Following the deadline day however, the conversation instead
shifted to sustaining and maintaining new processes and regulations
that were implemented and looking at which areas within the
organisation were still not GDPR compliant. This led companies to
focus on how their teams operate and educating them on privacy
best practice, which was previously overlooked.
The industry held its breath to see how the EU would interpret the
reporting and fine requirements, and who would be the first to face
a 4% of global revenue fine. This didn’t materialise immediately but
we’ve seen cases in Ireland and France that show regulatory bodies
finding their feet in how they apply the law.
For many organisations, the year following GDPR has been focused
on building organisational muscle memory to understand how to
re-design and rebuild processes so that they can be GDPR compliant.
For example, amidst the flurry of consent emails that were sent out,
many organisations had concerns that they would be hit by requests
to forget customer information or supply data which would lead to
tiresome system removals and processes. This failed to materialise
however and we’ve found that this hasn’t really happened at any
significant scale.
Consumers are not using the regulation to manage their data and
privacy exposure as effectively as they could be and it’s these kinds
of lessons that are informing organisations how to develop their
processes in line with GDPR.
In regard to online security incident response, a lot of time and effort
went into ensuring any incident would be reported in the timeliest
manner possible. As such, we’ve seen organisations’ appetite for risk
management and a resilient cyber operations programme grow –
this is a direct result of GDPR.
Many still view GDPR as a cumbersome set of rules to follow or to
work around, but it’s more of a sea change in the way we talk about
privacy. Viewed that way, organisations cannot simply ‘check the
box’ to comply with these regulations and expect positive results
anymore. If we look broadly and globally at data privacy, GDPR has
really been the tip of the iceberg.
We are seeing major shifts in attitude, whether at government levels by
proposed legislation or by the way businesses operate and reconsider
what privacy means in this rapidly transforming digital world.
INTELLIGENTCIO