GDPR isn’t a checkbox exercise, it’s an opportunity to differentiate

Recent news has brought to the forefront how aware organizations are of their access to and use of personal information.

The ramifications and awareness of corporations getting access to and using personal data came to the forefront recently with the news that personal data of 50 million Facebook users was used to influence various political processes in the UK and US.

No doubt the leaders at Facebook wish they had taken a different approach to protecting data. At the same time, users likely wish they had exercised more caution and control over the information they shared.

The reality is most regulations come about as a result of some unanticipated consequence. We have tools that allow us to easily collect, distill, and use data to inform our business practices. But awareness of these tactics has built up among consumers and they’re understandably concerned about how their personal information and data about their habits and activities are being used.

According to PwC’s 2017 Consumer Intelligence Series report, 25% of consumers believe most companies handle their sensitive personal data responsibly. What’s worse is that only 10% of consumers feel like they have complete control over their personal information. This awareness and concern have only grown as the size and frequency of data breaches increase.

So, how do you protect data?

Organizations are accustomed to using data without prescriptive rules, but new regulations are forcing them to make changes. While it’s not the first compliance regulation out there, the EU’s General Data Protection Regulation (GDPR) is the one that’s forcing organizations to wake up to how they’re handling data. After all, with potential fines of €20 million or up to 4% of the previous fiscal year’s worldwide turnover, whichever is larger, there’s a lot at stake for businesses.

Some organizations are looking at GDPR as a checkbox exercise, making sure they meet the requirements and then going back to regularly scheduled activities. It’s good to know you’ve done what’s required to be compliant, but what if there was a better way?

Treat GDPR as an opportunity to differentiate your business

We all know GDPR isn’t the last word on data compliance. It’s only a matter of time before a new compliance regulation comes along in a new country with even more restrictive rules. Can any organization really afford to stay in a position of constantly catching up?

Instead, why not build a security mindset in your organization by educating employees and helping them stay vigilant about the data around them and the need to protect it? Doing this distributes the responsibility and accountability for keeping data secure across your entire organization, making it easier to be successful. It makes the security of all types of data – physical and digital – part of everyday work.

After all, if business leaders can get ahead of compliance regulations, it’s an opportunity to build lasting trust with customers by targeting a higher standard for data protection.

Data protection: People and tools are the drivers

Establishing a culture of security empowers individuals at all levels. When they understand the kinds of data being used throughout the organization and the expectations of how each type of data should be handled, they can help identify data properly.

Data classification tools make identifying data easier by applying markings and triggering policies for how data can be accessed by internal and external users.

The best part of these tools? They make it easier to know what data you have. Because you can’t adequately protect data if you don’t know you have it.

Don’t just check the boxes on GDPR compliance

Technological advancements have accelerated our ability to generate, collect and use large amounts of data, and lawmakers are taking action in response to the demands of consumers. Regulations like GDPR make protecting that data essential, just as you lock up the office at the end of the day to secure equipment and other physical assets. Data is a significant asset for organizations. It’s time to start acting like it because there’s a lot more than fines at stake.

Written by: Tim Upton

Tim Upton is a co-founder of TITUS and has an extensive background as a technology consultant in the security and large infrastructure spaces that helps inform company direction.
