We’re approaching the second anniversary of GDPR coming in to force and data security has never been more important for all organisations and boards of directors.
However, there is still confusion around data organisation and management especially when it comes to privacy compliance. Compliance regulations are increasingly prevalent and stringent, and companies are spending considerable resources to avoid substantial fines to respond in a timely manner to GDPR requests.
So, how can companies best protect sensitive data from third parties while having complete control and transparency of their data?
1. Tackle confusion over GDPR laws One of the main outcomes of GDPR laws coming into action back in 2018, is that it has led to a spike in data subject access requests (DSARs) – individuals requesting the right to access their personal data.
The ICO reports that data protection complaints from the British public have gone up: 41,000 since May 2018, compared with 21,000 for the preceding year, and over a third (38%) relate to DSARs. DSARs are notoriously time-consuming to manage and with a 30-day legislated timeframe, organisations are feeling the pressure.
Two years on, many challenges remain and the enforcement of GDPR is just beginning, with more fines likely in 2020. Clearly, companies are feeling the pressure to act, but many simply do not know where to start due to the enormity of the problem.
This is because with technological growth comes greater diversity; most organisations now source and store private information in multiple data sources simultaneously, in outlets such as Office365, MS Exchange, G-Suite, FileShare and Sharepoint to name a few. Clearly, the volume of data that businesses own is growing exponentially, because of how businesses now operate in an on-demand world, which makes understanding of what is contained within an organisation’s data more difficult and time-consuming.
2. Adapt your technologies As a result, the security risks of protecting disparate sources of information are even greater. Changes in the regulatory landscape can lead to businesses needing to spend additional resources, both in terms of time and money, to ensure compliance. This has opened up the need for modern technology solutions. And not only that, but reviewing and processing data manually, using more traditional discovery tools, can be a slow and inefficient process. It also can lead to a higher risk of data exploitation.
Similarly, the more data that companies have to deal with, the more it is likely to cost, and the harder it will be to extract what exactly that data consists of.
