Data Protection Day 2020: De-risking in the era of transparency
JOHANNESBURG - The issue of data protection and privacy was, until recently, a conversation confined to a specific group of people within an organisation.
Unless you were an IT consultant or a corporate lawyer, privacy compliance was something somebody else took care of. So, how have we reached the point where many organizations are bound by law to employ a Data Protection Officer (DPO)? Why are CEOs now so interested in their company’s data protection and privacy policies?
You could be easily fooled into thinking data privacy as a field has only existed since 2018, but nothing could be further from the truth. From an anthropological perspective, human beings have longed for privacy for over 3,000 years. The use of internal walls within buildings which started to become commonplace in 1500 AD proves this. The concept of the ‘right to privacy’ as we know it is indeed younger – eventually being formalised as an international human right in 1948. Sweden became the first country to enact a national data protection law in 1973. Even this, the first tangible effort to regulate data privacy, happened in response to public concern over the increasing use of computers to process and store personal information.
While our understanding of the current data privacy conversation must operate within this context, there is no denying that 2018 was a watershed moment. The General Data Protection Regulation (GDPR) in the European Union may be less than two years’ old, but its impact has been significant. As well as its very specific nature which makes the regulation enforceable, GDPR regulators have not been frightened to flex their muscles. To date, it has collected almost €429 million in fines – serving as a constant reminder to any business processing the data of European citizens that there are penalties for not adhering to data privacy requirements.
The privacy skills gap
As well as providing a clearer framework for appropriate data handling practices, GDPR has made data protection and privacy more about people. Rather than talking in terms of technical standards and software requirements, it is based on fundamental citizens’ rights and how people within an organization can uphold them. One of the most specific lines of the GDPR is Article 37, which states that certain companies must appoint a Data Protection Officer to be compliant. More specifically, any public authority, a company whose core activities require large-scale monitoring of individuals or consist of large-scale processing of criminal data.
Wherever appointing a DPO is not required under GDPR, it is advised as best practice for companies who need to ensure they have the right data processes in place. Given that the latest Veeam Cloud Data Management report shows that organizations across multiple industries will spend an average of $41 million deploying technologies to boost business intelligence, experienced DPOs have become hot property. In 2018, when GDPR was passed, as many as 75,000 vacancies for DPOs needed to be filled – with Europe and the USA accounting for around 28,000 of these roles.
Especially during this period of transition, organizations across the board must foster a culture of transparency in terms of how data is used. Not every person in the business can be a data protection expert, but all employees must appreciate and understand the basic principles. Furthermore, while the ownership of GDPR compliance lies with the DPO, the buck ultimately stops with the CEO. Data protection is a business conversation as well as a technology one. With that said, businesses must have an IT strategy in place which enables solid data protection practices.
Minds over matter
Veeam research shows that three-quarters of IT decision makers globally are looking to Cloud Data Management as a means of creating a more intelligent business. Cloud Data Management brings together disciplines such as backup, replication and disaster recovery across an organizations’ entire cloud and data management provision. It ensures that data is always available, recoverable and protected at all times. But like data privacy, IT is a people industry too. In a world where businesses need to protect their data more than ever before, CEOs, CIOs and DPOs alike are looking for trusted partners to help de-risk their data management. This support may take the form of configuring data management systems, providing technical training for administrators, or basic data privacy training for end-users.
Data Protection Day is an appropriate time for us to reflect on how we use and view data. Moreover, as we begin a new decade, it’s an apt moment to acknowledge that we are still in the midst of transformation. The impact of GDPR will continue to be profound as businesses adapt to its demands and its enforcers become less patient with those who fail to comply. More fines and reputational damage will only add to the demand for DPOs – people with the expertise and appetite to take on the data privacy challenges of an organization. While investing in technologies like Cloud Data Management will be fundamental to the DPO’s strategy, privacy is now a people business. Therefore, the shrewdest investments will be in trusted partners who can guide people at every level of the organization through the rigours of remaining compliant and help create an authentic culture of data transparency.
Daniel Fried is the general manager (GM) and senior vice president (SVP), EMEA and worldwide channels at Veeam.