Resistance is futile – Protecting your company from non-compliance with data protection regulations

David Hodgson of Syncsort

May 25, 2018 came and went, leaving many companies unprepared for the level of compliance that the General Data Protection Regulation (GDPR) requires. Even with four years' notice, IT technologists responsible for business resilience strategies are still struggling to add new layers of sophistication to their list of data protection goals. Syncsort’s 2018 State of Resilience Report shows that security and data privacy concerns are top of mind for most IT departments, especially as they adopt cloud platforms to gather, store and analyse data, says David Hodgson, chief product officer, Syncsort.

The long arm of the law

According to the GDPR authors, “the processing of personal data should be designed to serve mankind.” GDPR builds on and replaces the earlier data protection directive 95/46/EC and was primarily designed to unify and standardise data privacy laws across Europe. But it raises the data privacy bar both for organisations inside the region and for those outside wishing to do business with EU countries.

Bottom line: it would behoove any company, anywhere, to reconsider its data management practices in the light of GDPR. Do you know what data you have, about whom, and how it is used by you or shared with others? Is it properly secured against theft? The same survey, with nearly 6,000 global respondents, found that most companies are still grappling with these issues.

Putting the individual back in charge

GDPR ensures an individual’s right to know that a company is keeping personal data on them and what that data is, the right to inspect and correct it and, most significantly, the right to have it removed: the right to be forgotten.

The new approach starts with the right of consent. Many individuals have experienced this personally with companies sending emails to confirm approval to keep personal data. Certainly, as much as data is the fuel for many new business models, data is now also the new banana-skin that may cause a few slip-ups.

The first step is to clearly track what data you have, about whom and to confirm consent. A key part of this is unifying your view of an individual across different systems, databases and data sources. Is David Hodgson the same as David M Hodgson or are these two different people? To achieve this visibility, ensure you have the proper tools that can deliver and maintain data integrity.

Data quality tools that can both identify personal data and help keep it accurate, clean and de-duped are all essential to achieve compliance. Equally important is the ability to maintain an audit trail of who has accessed personal data. However, these requirements are only made harder in the realms of big data and streaming data.

What is personal data and how can it be used safely?

The spread of data gathering practices that routinely individualise our online experiences has underpinned the Digital Revolution, but it has also driven the concerns that have led to GDPR.

Article 4(1) of the GDPR defines Personally Identifiable Information (PII) as data that identifies, describes, or is unique to an individual. This includes the obvious – name, age, and social security numbers – but also items like IP addresses and device IDs and hashed or encrypted data fields if their purpose is to identify an individual.

GDPR requires companies to protect the privacy of individuals and advises that most processing be done with the removal of direct identifiers so there can be no linkage to a specific individual. This concept is known as data pseudonymisation and it can reduce the impacts of security breaches that result in data being stolen.
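The sketch below is an added illustration of the pseudonymisation described above; it is not from the original article or from Syncsort. It removes direct identifiers, replaces them with a keyed token so the same person can still be joined across systems, and coarsens IP addresses. The field names, key and sample rows are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Assumption: in practice the key lives in a separate secrets store, away from
# the data set. This value is constructed for the demo only.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical field names treated as direct identifiers and removed outright.
DIRECT_IDENTIFIERS = ("name", "email")


def pseudonym(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed token: stable for the same person, not recomputable without the key."""
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:32]


def generalise_ip(ip: str) -> str:
    """Coarsen an IP address to its /24 (IPv4) or /48 (IPv6) network."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def pseudonymise(record: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """Return a copy with direct identifiers removed and a subject token added."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["subject_token"] = pseudonym(record["email"], key)
    if "ip" in out:
        out["ip"] = generalise_ip(out["ip"])
    return out


# Constructed sample rows from two hypothetical systems holding the same person.
CRM_ROW = {"name": "Jane Example", "email": "Jane@Example.com",
           "ip": "203.0.113.57", "plan": "pro"}
BILLING_ROW = {"name": "J. Example", "email": "jane@example.com ",
               "ip": "2001:db8:abcd:12::1", "amount": 49}

if __name__ == "__main__":
    for row in (CRM_ROW, BILLING_ROW):
        print(pseudonymise(row))
```

The token remains an identifier for whoever holds the key, so the key and any lookup table need the same access controls and audit trail as the original data.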

Building new systems that are compliant by design is always easier and more effective than retrofitting capabilities to older systems. Anonymisation, masking and obfuscation tools should be key components in either case, but the cost-driven reality is that most companies will be in search of tools to integrate easily with existing data access points.

Most companies have multiple databases and increasingly share data between them for real-time use cases. These use cases are often essential drivers of business growth for companies, but they are also the source of vulnerabilities. Tools that track what data is being shared must cope with the scale and fast-paced change that these new architectures allow.

The future always arrives faster than you think

The speed of time generally leaves us unprepared, and this always seems to be true in the world of IT. Failure to comply with GDPR can result in a €20 million fine or 4% of a non-compliant organisation’s global turnover – not to mention the impact on company reputation. Now that the May deadline has passed – unless companies achieve full compliance – it is just a matter of time before we see the first enforcement fines.

The author of this blog is David Hodgson, chief product officer, Syncsort
