Data Protection Day is upon us. In this article, nine IT experts reveal their thoughts on everything from where your data is stored to the importance of continuous training.
Last year, Data Protection Day was all about how GDPR was imminent, how to become compliant, and the impact that it was going to have worldwide. Twelve months on and the conversation still drifts towards GDPR, albeit the focus is now more on simple and practical measures that businesses can take.
Location, location, location
There are now more options for where businesses can keep their data than ever before, and while this brings a wealth of benefits, it also creates the challenge of knowing exactly where all of your data is at all times as Neil Barton, CTO at WhereScape, explains.
“The only way to ensure that your business and customers are protected, and remain compliant with any regulations is to know where each piece of data sits and who can access it, as well as tag it and track its lineage in order to understand its usage.”
“This is where automation comes in – data infrastructure automation can help companies ensure all data is adequately tagged, ensuring data is identifiable, auditable and quickly retrievable.”
Jon Lucas, director at Hyve Managed Hosting, notes how the ever-looming GDPR should give businesses with data in the cloud or with hosting providers food for thought.
“Almost a year post-GDPR and, quite rightly, data protection remains firmly in the spotlight. Though the reminders might seem tedious, being confident in your data security is more crucial now than ever before.
“Hosting and cloud providers in particular need to prioritise security measures that can help prevent cybercriminals from taking advantage, thereby ensuring that their customers’ data is kept safe.”
The need for resiliency, recovery and security
When it comes to implementing technology to assist with meeting data protection regulations, resiliency has to be top of mind, according to Steve Blow, tech evangelist at Zerto.
“The adoption of the latest technology, with innovative new approaches, has led to this number of both planned and unplanned disruptions in a business rising.
“Combating this means companies need to start looking outside of traditional backup capabilities to keep the business online; they need to choose a modern, resilience approach that can utilise continuous data protection.”
Similarly, Alan Conboy, CTO at Scale Computing, reminds us how important backup and disaster recovery have become to keep data safe.
“As more organisations are moving their workloads to edge and hyperconverged environments, companies are looking to protect and recover these workloads. Backup and disaster recovery used to simply be good business practices. Now, for many industries, they are a big part of regulatory compliance.
“Platforms that include a variety of backup and disaster recovery features including snapshots, replication, failover, failback and cloud Disaster Recovery-as-a-Service are key.”
But recovering from a cyber attack should not be the only plan, says Shannon Simpson, cybersecurity and compliance director at Six Degrees – businesses need to be secure from the start.
“Understanding how every fragment of data is collected, where it is held, and how it is accessed and used can be the difference between having a profitable, secure business and succumbing to damaging breaches.
“The key is employing Cyber Security Maturity (CSM) modelling, which allows organisations to understand their security posture with granularity, providing a roadmap to robustness.”
Learn something new everyday
Compliance training is key according to Steve Wainwright, managing director EMEA at Skillsoft, who believes that continuous education is necessary for employees to gain the skills needed to keep GDPR top of mind.
“Ongoing compliance training will ensure employees are aware of the new rules on personal data management, while also increasing accountability throughout the organisation.
“Training helps employees stay mindful of potential compliance impacts when making decisions, particularly those involving the handling of data. A one off training session won’t be enough; companies need a comprehensive, ongoing training strategy to address GDPR."
John Williams, product manager at Node4, agrees that employee training is crucial for businesses to protect their data, on top of the range of technology that is available.
“Treat your staff as your human firewall, educate them in the threats they may be exposed to and get them active and aware of those threats – they are your intelligent line of defence. Added to this, regular vulnerability scanning and penetration testing provides vital intelligence that your security is matched to the threats.
“And, should serious problems occur, disaster recovery and backups are vital as a solution to threats like ransomware, but as these systems also become the targets of cybercriminals they need to be protected – not just seen as a siloed last line of defence.”
Your data and regulations
Your right to own your own data has never been more in the spotlight, and so Nigel Tozer, solutions marketing director EMEA at Commvault encourages people to take an active role in controlling what businesses know about them.
“From a personal perspective, I’m aware of my data being used and abused just as much as before the act came into effect, the visible elements surfacing as spam, of course. Suitably armed, I now take action, and I recommend that everyone does the same; make an effort to submit subject access requests and demands to be forgotten where appropriate.”
So what does the future hold? Stephen Gailey, solutions architect at Exabeam, predicts that the government will likely step in to ensure that the biggest companies holding personal data are toeing the line.
“Over the next year, I believe we will see the first sign of government control over large internet service companies. Organisations such as Google and Facebook still don’t seem to understand what privacy means. I think we will actually see some form of legislative control being put forward or even break-ups considered.”
A day like Data Protection Day should not be the only day of the year that you think about your data, but rather a reminder that it should be top of your priorities list every day.
GDPR restrictions on where and how data can be kept and who can access it mean that businesses should fully understand their data management, and ensure that every regulation can be met now and in future.