CS Jul-Aug 2023
GDPR
that bridges the gap between the general provisions of the regulation and their concrete implementation across the whole cloud industry. Since its approval in 2021, the Code has been playing a key role when it comes to cloud compliance, fostering the application of robust technical and organisational measures throughout the sector.
How has the GDPR gone so far within the industry? We asked several interested parties and here are their responses:
Sylvain Cortes, VP of Strategy, Hackuity:
"Compliance is essential, but we urge organisations to take the opportunity to think beyond baseline requirements to develop a culture of continuous cyber improvement. It's important to remember that achieving compliance shouldn't be treated like 'exam-cramming' with last-ditch efforts to achieve annual or quarterly audits. The goal is to achieve more than the minimum requirements and move away from the tick-box mindset. GDPR compliance is necessary, but it is far from sufficient for modern organisations."
Rick Hanson, president, Delinea:
"I've been in the cyber community since the mid-90s and one consistency over the years is that personal data has always been paramount. However, even though the industry often understood what needed to be done to protect personal data, it was frequently deemed to be too costly or complex to implement.
"Five years ago, I applauded the EU for taking a stand, and providing guidelines and a framework to ensure that personal data and privacy were protected with GDPR. Yet even as this legislation passed and privacy advocates celebrated, many businesses were very concerned, due to perceived burdensome and costly efforts that would be required of them to be compliant. Looking back on this anniversary, I am very encouraged that the technology community has innovated and evolved to solve many of these issues and challenges quickly. My belief is that it sets a solid foundation that the rest of the world can follow, as we continuously work to protect our personal data and privacy.
"We have come a long way since the early days of cyber and GDPR makes a significant impact, yet it does not solve the cybersecurity threat. It offers a framework that helps classify and protect - yet these policies are public, giving any attacker a roadmap on how to circumvent the policy. As good as GDPR policy is, it does not mean our personal data is completely secure. We must continue to educate and innovate to solve these ongoing data privacy and security challenges."
Paul Brucciani, cyber security advisor, WithSecure:
"The European Commission is criticised for many things, but GDPR is the one thing where it can hold its head up high and say, 'We've led the world in this'. As regulatory milestones go, it's the equivalent of climbing Everest. And it seems to be working, as other jurisdictions are following suit.
"Internet fragmentation, driven by the quest for digital power, is creating regulatory complexity and the EU has an important role in leading the world through this. For example, AI is the next big field that will need regulating and the EU has again made a head start on this with its proposed AI Act, a legal framework that is intended to be innovation-friendly, future-proof and resilient to disruption."
Michael Covington, VP of Strategy, Jamf:
"The EU's GDPR has had a tremendous impact on how organisations around the globe handle personal user data since the regulation went into effect five years ago. The threat of substantial fines - including the almost €3 billion that have been levied since
Paul Brucciani, WithSecure: AI is the next big field that will need regulating and the EU has again made a head start on this.
Eduardo Azanza, Veridas: trust in biometric solutions must be based on transparency and compliance.
www.computingsecurity.co.uk @CSMagAndAwards July/August 2023 computing security