The deadline for compliance with General Data Protection Regulation (GDPR) is fast approaching for businesses (six months this Saturday).
It replaces the Data Protection Directive 95/46/EC, and has been designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organisations across the region approach data privacy.
The legislation will come into force on 25 May 2018 and will significantly impact how enterprises collect, process, use and share data across every single business unit from customer services and marketing to human resources (HR), in all industries from financial services, manufacturing, retail and media and entertainment.
To be compliant with GDPR, companies will need to adhere to stringent data security standards, including complex and granular personal data privacy handling obligations.
They will need to be prepared for more frequent data audits, and will be required to appoint a specialist Data Protection Officer – a DPO – responsible for monitoring and managing internal compliance, and working closely with Data Protection Authorities (DPAs).
GDPR is seen by many as a digital turning point for the HR industry, and with it comes challenges and opportunities, for brands to make big improvements to data collection, stewardship and data sharing.
Box believes that security and compliance are two areas that are ripe for innovation, and an important part of this is cloud and machine learning – two mechanisms that can collectively help cultivate a modern compliance and security model.
Cloud, coupled with machine intelligence, is an incredibly valuable resource for a DPO when it comes to providing data visibility and analysis on the content or information a company possesses.
>See also: 6 steps to GDPR compliance
Businesses can unlock faster and deeper insights into content than ever before, and in turn make it easier to ensure the company is compliant within the moving landscape of data privacy, data residency and industry-specific regulation.
For example, businesses can now, for the first time ever, detect individual objects and concepts in images, capture text through optical character recognition (OCR), automatically add keyword labels to images for faster search and filtering, and easily build metadata on an image.
This innovation in machine intelligence for image recognition is revolutionising how people manage image-based content and streamline image-based workflows, and marks the beginning of what is possible with machine intelligence in a cloud environment.
HR departments, for example, can easily trace, map, or retrieve employee information stored in the cloud, including benefits, payroll, and performance reviews, through search filters and metadata.
They can also ensure that confidential employee information is protected with granular access controls and complete audit trails, as well as automatically retain, archive or delete documents, to comply with regulations – without any extra work.
It would be naïve to paint a completely rosy picture of cloud and GDPR. Failure to comply with GDPR will result in heavy penalties, which can lead to serious financial and reputational damage.
It’s therefore important that when using cloud, companies practice due diligence and work with partners they can trust and as they embark on the journey to becoming GDPR compliant.
Organisations need to be particularly aware of cross-country data residency laws. The public cloud delivers economies of scale by locating data in different parts of the world, however there are complex and varying regional and local data residency laws which require attention to detail and a clear strategy is required.
Many cloud providers today are rushing to add data centre facilities and relevant certifications, but researching cloud content management providers, and working with those who have a longstanding reputation for security and have built a clear infrastructure and network is key.
>See also: GDPR from a consumer perspective
It is therefore more important than ever for cloud vendors, to demonstrate responsibility, as content management systems for customers’ data, and be prepared to show good governance.
Box, for example, have created Box Zones that allow data to remain within countries, we work closely with Europe’s DPAs, and have received approval for our Binding Corporate Rules (BCRs), we also have Privacy Shield, TCDP and C5.
GDPR is the most high-profile legislation to affect IT and the management of personal data in recent years. Its impact will be significant, particularly when it comes to encryption, security, auditing of technology-enabled processes and access management, creating a new line in the sand for data management.
Organisations have the chance to embrace the opportunity and address long-standing inefficiencies to increase security, and build a platform for intelligent insights that will take them into a new era.
However when doing so, they must not be discouraged by the challenges that come with reshaping the way their organisation approaches data privacy, and ensure they work closely with a vendor who will partner with them through the process, and demonstrates accountability and good governance.
Sourced by David Benjamin, VP and general manager for EMEA at Box