On this Data Protection Day you should be thinking about GDPR, and whether your organisation will be compliant on the 25th of May.
Sunday the 28th of January is here, Data Protection Day, the annual point upon which we are encouraged to think about and promote good data security and privacy globally.
Observed in 47 European countries and also in the United States, Canada and India, Data Protection Day comes carrying a more important message than ever. Not only is our data being predated upon by more malicious actors and their schemes than in previous years, but 2018 is also the year of GDPR.
In a recent study conducted by the British government into the GDPR readiness of businesses and charities, widespread ignorance was discovered. It was found that a shocking 38 per cent of businesses and 44 per cent of charities had not even heard of the major EU regulation that is arriving on the 25th of May this year. Fines are set to be severe, so on Data Protection Day 2018 awareness is required now more than ever,
GDPR is set to barb the punishing effects of improper data protection; a breach already causes greater reputational damage than ever, while also having adverse financial effects. So on this Data Protection Day it is time to be aware of the threats and the regulations related to data protection this year.
The new era of data security
Nick Taylor, managing director of strategy for the UK and Ireland, Accenture, said: “Data Privacy Day presents an opportunity to think about the new era of data security that is almost upon us. In less than four months from now, the EU General Data Protection Regulation (GDPR) will come into effect and change how businesses and public sector organisations can handle the information of customers.”
“It is important that companies do not regard this new regulation as a burden, but as an opportunity to become more aware about what data they have and as a chance to build trust with customers and employees. Businesses that use the new ruling as a catalyst to overhaul customer experiences and deliver transparency to consumers will quickly find themselves in a leadership position,” Taylor said.
Personal data equals money
Adenike Cosgrove, cybersecurity specialist, EMEA, Proofpoint, said: “Whilst social media has developed into a key communication method between brands and customers, this years’ Data Privacy Day brings important attention to the risks associated with over-sharing on these platforms, building awareness in the minds of consumers of how much value their personal data holds.
Social media continues to be the adversary of personal data privacy. Not only are users prone to over-sharing sensitive details on public platforms, but malicious hackers and cybercriminals are increasingly using sites such as Twitter and LinkedIn as their playground, using sneaky methods to gather as much personal data as possible.
Personal data equals money in the eyes of criminals, and this means individuals should value its protection as such. Over the past year we have seen a surge in the volume and sophistication of social media customer support fraud – also known as “angler phishing” in which individuals are tricked into providing fake support accounts and lookalike pages with usernames and passwords, financial information and more. Cybercriminals are able to mimic popular brands with frightening accuracy, and even savvy internet users can fall victim.
Start learning about DataOps on Data Protection Day
Jes Breslaw, director of strategy, EMEA at Delphix, said: “Data privacy has become a basic human right. With data breaches on the rise and tough new legislation, such as the EU’s impending General Data Protection Regulation (GDPR) on the horizon, data protection needs to be the number one mandate for companies today.”
“Too often companies have to balance data protection risks with the pressure to move fast. GDPR tips the scales towards data privacy, meaning global businesses have to rethink how they provide secure access to data throughout their organisation.”
“Start learning about DataOps – Companies should be investigating the idea of DataOps. This approach assigns dedicated people and tools to manage and secure data across an organisation. DataOps enables data operators to know exactly what data is where, to be able to secure (mask) data that is sensitive, and to ensure that data consumers still have access to the data they require, when they need it.”
“Govern data access – DataOps and Dynamic Data Platforms enable you to centrally control all non-production copies of your data and mask data at the same time. Data operators can manage who has access to what data, for how long, and when. Data consumers can access and use data independently, while administrators retain full control over masking, privileges and physical resources.”
The big 2017 breaches were warnings
Hervé Dhelin, SVP Strategy at EfficientIP, said: “The various, large-scale breaches of 2017 are warnings for companies around the world. However, this year is looking hopeful with data protection as a top priority for businesses. The introduction of GDPR in May will be a major driving force for businesses small and large to take greater care in safeguarding their customers’ data. In order to, not only avoid heavy fines, but also strengthen brand reputation and customer trust, organisations want to urgently strengthen their cyber security strategies.”
“A primary area to protect is DNS because over 90% of current malware uses DNS. From our Global DNS Threat Survey Report, we know 76% of organisations around the world were subjected to a DNS attack in the last 12 months and over a quarter (28%) of those suffered data theft as a result.”
Building higher walls is not enough
Luke Brown, EMEA vice president at WinMagic, said: “Events like Data Privacy Day play an important role in educating consumers about how to be safe online, for example encouraging strong and unique passwords for each online service they use. But it is a shared responsibility to protect consumer data.”
“The industry asks consumers to use strong and unique passwords for every site, but businesses must ensure they encrypt every piece of personally identifiable information whether stored on premise or in the cloud, if we are to fulfil our own responsibilities. Just building higher walls around precious consumer data isn’t enough given the range of threats: hackers, flaws in hardware, operating systems and apps, accidental loss, accidental exposure to third parties and the list goes on”