CS Jul-Aug 2023
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
GDPR<br />
Colum Lyons, ID-Pal: five years on from<br />
the introduction of GDPR and there is still<br />
a long road to go.<br />
Andy Robertson, Fujitsu UK and Ireland:<br />
going forward, the rise of AI-driven<br />
cyberattacks will make data protection all<br />
the more critical.<br />
the regulation went into effect - have forced<br />
companies to take privacy and security more<br />
seriously. And the impact is not just contained<br />
within Europe; GDPR has inspired more<br />
than 100 other regional privacy standards,<br />
including those in many of the individual US<br />
states.<br />
"Of course, with a regulation as complex<br />
as GDPR, there's still work to do, both for<br />
the governing bodies and the organisations<br />
that must achieve compliance. Learnings<br />
from the COVID-19 pandemic have raised<br />
concerns about new public health and data<br />
considerations that should be factored into<br />
future legislation. Additionally, the post-Brexit<br />
version of GDPR for the UK is still a work in<br />
progress, as is a firm stance on how data can<br />
be shared between EU member states and<br />
'partner' countries.<br />
"For individuals, GDPR is making a difference<br />
in how their personal data in safeguarded.<br />
And, for CISOs and data protection<br />
officers, the work continues to ensure<br />
organisations achieve regulatory compliance<br />
in a way that minimises disruption to the<br />
core business, while ensuring employees,<br />
customers and partners have confidence in<br />
how their personal data is being managed."<br />
Eduardo Azanza, CEO, Veridas:<br />
"Without question, GDPR has revolutionised<br />
data privacy and protection, and now, with<br />
the introduction of biometrics, the regulation<br />
takes on even more significance, as it celebrated<br />
its 5th anniversary. As defined by<br />
Article 4 of GDPR, biometric data is a form<br />
of personal data - therefore, businesses must<br />
carefully and securely manage it.<br />
"Earlier in May, Mobile World Congress<br />
(MWG) was slapped with a €200,000 fine<br />
by GDPR after they had collected biometric<br />
data from show attendees. The organisers<br />
failed to demonstrate due diligence before<br />
collecting biometric data, therefore infringing<br />
Article 35 of GDPR, which deals with requirements<br />
for carrying out a data protection<br />
impact assessment (DPIA).<br />
"With the rise of biometrics and AI, the<br />
focus on data protection and privacy has<br />
never been more important. Questions<br />
should be asked of biometric companies to<br />
ensure they are following GDPR laws, and<br />
are transparent in how data is stored and<br />
accessed. Trust in biometric solutions must<br />
be based on transparency and compliance<br />
with legal, technical and ethical standards.<br />
Only by doing this can we successfully<br />
transition to a world of biometrics that<br />
protects our fundamental right to data<br />
privacy."<br />
Colum Lyons, CEO and founder of ID-Pal:<br />
"Five years on from the introduction of GDPR<br />
and there is still a long road to go. Even this<br />
week, Meta has been hit with a record €1.2<br />
billion fine by the Irish Data Protection<br />
Commission (DPC) for violating a GDPR rule,<br />
proof that severe consequences are waiting<br />
for businesses, if the right GDPR-compliant<br />
measures are not in place.<br />
"Customers' personal data must be carefully<br />
managed and a lot of organisations still<br />
struggle to do this. As more and more<br />
industries are being asked to verify their<br />
customer identities, this is even more critical<br />
to get right when verifying identities as part<br />
of Anti-Money laundering (AML) or Know<br />
your Customer (KYC) processes. The onus is<br />
on the organisation to capture, verify and<br />
store their customer's personal data securely.<br />
Identity verification processes that use<br />
document verification, alongside biometrics<br />
and database means a solution meets<br />
regulatory guidelines in a more robust way,<br />
making the process more complex for<br />
fraudsters to outwit but makes the journey<br />
seamless for users."<br />
Andy Robertson, head of Enterprise and<br />
Cybersecurity Business, Fujitsu UK and Ireland<br />
"Once a compliance headache for businesses,<br />
GDPR has since been emulated by similar<br />
26<br />
computing security <strong>Jul</strong>y/<strong>Aug</strong>ust <strong>2023</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk