CS1907
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
data-centric economy<br />
GDPR - OPPORTUNITY, NOT THREAT<br />
GDPR HAS INCREASED DEMAND FOR DATA PROTECTION PROCESSES THAT ARE FLEXIBLE,<br />
AUTONOMOUS AND EASY TO USE. DEBBIE GARSIDE, GROUP CHIEF INNOVATION SCIENTIST<br />
AT SHEARWATER GROUP AND CEO OF GEOLANG, EXPLAINS<br />
Debbie Garside, Group Chief Innovation<br />
Scientist at Shearwater Group and CEO<br />
of Geolang.<br />
Since GDPR came into force,<br />
businesses handling personal<br />
data have turned their attention<br />
to processes that protect sensitive<br />
information by design and by default.<br />
This was a key innovation in the<br />
legislation and has extended data<br />
protection from a technical issue to<br />
a matter of process and psychology<br />
at all levels of the business; including<br />
every employee by default.<br />
In a data-centric economy, identifying<br />
and categorising different types of data<br />
is an enormous task. The Information<br />
Commissioner's Office (ICO) expects<br />
enterprises to know where sensitive data<br />
is located and to take steps to prevent<br />
its theft, loss or unauthorised access;<br />
yet, over a year on, and still many<br />
organisations are failing to implement<br />
even the simplest 'technologies' to assist<br />
with the task.<br />
Reportedly, 96 per cent of data<br />
breaches are accidental; however,<br />
breach-reporting deadlines and<br />
potential fines apply, regardless. With<br />
the reported £183 million penalty<br />
indication for the BA data breach from<br />
the ICO this week, these penalties are<br />
no longer a figment of what might be,<br />
but indicate, rather, what will be, if<br />
organisations do not take care of<br />
their data - board-level culpability will<br />
undoubtedly ensue. This will serve<br />
as the much-needed catalyst to fully<br />
support those CISOs, CTOs and CIOs<br />
who are still having difficulty persuading<br />
boards of the risk not just to their data,<br />
but to the business as a whole.<br />
As a data discovery and data protection<br />
company, GeoLang has seen increased<br />
demand for our systems, because we find<br />
and categorise data both autonomously<br />
and in real time, with the flexibility to<br />
apply different policies to different data.<br />
This prevents - for example - the emailing<br />
of a client contact list to the wrong<br />
recipient or alerts if any proprietary<br />
information is copied to a USB drive. In<br />
addition, flexibility and ease to search for<br />
personally identifiable information (PII)<br />
across the enterprise is key to servicing<br />
Subject Access Requests (SARs) and we are<br />
seeing a plethora of requests for GeoLang<br />
technologies to assist in such cases.<br />
Each client has a different set of<br />
requirements, with many different<br />
operating systems and repositories making<br />
up the average enterprise. A flexible, agile<br />
approach is a necessity and we work hand<br />
in hand with clients in the development<br />
and deployment of our solutions; there<br />
is no 'one size fits all' or a 'silver bullet'<br />
solution, and our personalised service<br />
is proving to be both an asset to our<br />
customers and to us, as it supports our<br />
product development lifecycle.<br />
One of the fears in the lead-up to GDPR<br />
was that the regulations would decrease<br />
productivity, tying up businesses with<br />
extra administrative work. The reality<br />
is somewhat different. Increased<br />
opportunities for innovations around<br />
technologies that protect sensitive<br />
data and clients' rights are offset by<br />
organisational and digital resilience that<br />
future-proofs the enterprise, leading to<br />
increased competitiveness and growth.<br />
20<br />
computing security July/August 2019 @CSMagAndAwards www.computingsecurity.co.uk