Data Privacy, Security & GDPR


Your customer data is your most precious resource. How secure and prepared is your team for the impending EU General Data Protection Regulation (GDPR), in effect May of 2018?

This workshop will provide key actions you should consider and share new research on how top leadership is preparing for a more secure future with mobile.

Welcome Jessica and Jay. Thanks for joining me.
So Jay, GDPR. This seems like one of the most massive undertakings in a long time. Can you give me a quick top line on the purpose and then we can dive into the details.
Sure. So the EU General Data Protection Regulation or GDPR comes into force on May 25th and replaces the previous directives and is designed to harmonise data privacy laws across Europe and protect the data privacy of EU citizens and shape how organisations use that data.
These days, it seems like organizations have more data than they know they have or even know what to do with. Are you seeing a lot of confusion with the new regulations and how people are interpreting them, especially when we all seem to be data hoarders?
Well, whilst many organisations have made steady progress in preparation, I think it’s fair to say that there are some that are struggling to complete all requirements and understand the wider impact on the business to become fully compliant.
I wonder if this is uncovering security risks that companies didn’t know they had?
Yes, as companies start to review their existing process and security strategies, it also adds new challenges around breach notifications, encryption and data protection by design to name but a few. These are all key considerations for GDPR and the wider security posture.
It seems that you can go two directions - “retro fit” your current stack to meet the deadlines or put in place a tracking and compliance system to help streamline the process but potentially missing the required deadlines and making investments that were not budgeted for.
Are you seeing any trends one direction or the other?
Hi Caree
Delighted to join you and Jay
The priority until very recently has been on putting in place policy and process changes to get to 25th May. There is new focus now on “Day 2 Operations” and the technology choices that will support good individual rights management and well managed and governed data.
Is the May deadline achievable for most organizations?
That depends, of course, on your definition of “achievable”. A recent Forrester survey indicated that only 30% of organisations thought that they would be ready in May.
Will regulators hold tight to this deadline if the estimate is so low?
Every indication is that regulators will hold tight to this deadline. The likelihood is that they will view those who have made demonstrable progress and have clear plans to readiness much more favourably than any remaining “ostriches” who are hoping for the best.
Because I am a marketer, I know how that “vertical” uses data - but can either of you talk about the industries that are not so “obvious” users of data that GDPR is heavily affecting?
Jessica, I love that you said “ostriches”. I lived through the “Year 2000 bug” and there were a lot of ostriches during that one!
The GDPR affects all industries that make intensive use of personal all B2C businesses are heavily impacted - as are B2B businesses with significant numbers of distributed employees and/or a complex set of third party arrangements which include personal data.
I’m going to go back to something that Jay mentioned earlier - breaches. In your experience with clients, are you finding that this scrutiny of data is uncovering many unexpected issues like breaches?
It seems such a large and complex undertaking, I wonder what else might be discovered.
I would say that many organisations are starting to have a deeper look at their processes and security operations and this is uncovering a lot of governance issues and data access irregularities and in some cases breaches.
With the 30%, which I am still a bit astounded by, are these organizations who will meet the deadline the ones we would expect to be ready for this like IBM, or have you been surprised by others?
I am just having difficulty understanding the deadline and the ability for orgs to achieve that to any success? Could the rush to meet this actually hurt the process?
Most of the rush is focused on quick fix changes to policy and processes. The “hurt” could be in spiking operational costs on Day 2 as organisations attempt to run manual processes for individual rights management - data subject access requests, consent opt ins and outs etc.
This is going to be very interesting to watch for sure. Jessica and Jay, thank you so much for spending the time here and for giving us a better handle on GDPR. Looking forward to meeting you both in person in Barcelona. I am sure your session will be highly anticipated!