Intelligent CISO Issue 13 | Page 30

editor’s question KARL LANKFORD, DIRECTOR, SOLUTIONS ENGINEERING, BEYONDTRUST O ne year on, GDPR still presents challenges for organisations as many are still not truly in compliance. A lot of companies continue to have problems due to the ever-increasing volume of data, which makes it increasingly challenging for businesses to get a complete view of where all data resides and who has access to it. This can be compounded with an increase in outsourcing, merger and acquisition activity taking place frequently across sectors, creating increased uncertainty around data ownership in the new entities. As such, organisations are in this unique, unenviable position where there is an ever-increasing volume of data, coupled with increasingly empowered consumers that understand why their data needs to be protected, resulting in amplified 30 pressure to demonstrate compliance. Not only this, but the reputation and revenue of businesses is now on the line if they haven’t committed to a requisite long- term compliance strategy. Due to this, businesses can’t rest and have to act quick in demonstrating compliance. Google being fined €50m for failing to provide users with transparent and understandable information on its data use policies is testament to this. While such a fine isn’t necessarily a huge amount of money for a company of Google’s size, it’s still significant and serves as a clear warning to other organisations. The impact of fines to high-profile businesses has brought GDPR into the limelight, massively increasing its awareness and understanding, not just among businesses but among consumers too. The ICO published figures for Q2 of 2018/19. There was a total of 4,056 data security incident reports in this period vs 687 for the same period in Q2 2017/18. This increase is representative of a new, cautionary approach that makes it less likely for a breach to slip through the net. Despite challenges in achieving compliance, GDPR is working and there are rewards to be reaped. Businesses that can demonstrate full transparency of consumers’ data and ensure its security over the past year, becomes a huge competitive advantage. As younger data-savvy generations become consumers of these products, such transparency demonstrated by companies will become ever-more important to them, influencing their loyalty and buying decisions. u As younger data- savvy generations become consumers of these products, such transparency demonstrated by companies will become ever-more important to them, influencing their loyalty and buying decisions. Issue 13 | www.intelligentciso.com