With digital transformation, there is a temptation. It’s the allure of just focusing on the deluge of information available and the potential for business advancement, if only one can successfully aggregate, interrogate and monetise it. Digital transformation and data protection, on the other hand, seem to be at odds. After-all, the principles of adding more control to data usage can feel like roadblocks on the path to becoming data driven.
Further examination reveals a quite different relationship between digital transformation and data protection. In many ways, they are co-dependent. At a recent event in London, a poll conducted by Commvault found that 80% of respondents thought that, in fact, more data protection legislation could lead to better results for businesses.
Why privacy by design is like going to gym
Jason Cronk, expert on privacy by design, a crucial part of the GDPR, but which is being rolled out worldwide, talks to Information Age about AI, GDPR and privacy in the data age. He starts by comparing Privacy by Design with going to the gym.
This, despite some businesses experiencing hiccups along the way. Steve Blow, Technology Evangelist at Zerto reckons that digital transformation has actually created many of the problems that data protection tries to solve. He noted that, “the adoption of the latest technology, with innovative new approaches, has led to this number of both planned and unplanned disruptions in a business rising.” However, solutions implemented as part of a successful digital transformation strategy can also reduce the unplanned disruptions and improve data protection.
“Companies need to start looking outside of traditional backup capabilities to keep the business online,” Blow continued. “They need to choose a modern, resilience approach that can utilise continuous data protection. This, paired with the ability to orchestrate and automate the mobility of applications to the ideal infrastructure, will enable businesses to have more than just their customers’ data protected. Organisations will become completely IT resilient, protecting data, infrastructure and reputation – without the downtime.”
Beyond preventing downtime, another aspect of digital transformation that aligns with data protection is the need to monitor, manage and track data usage within an organisation. Neil Barton, CTO at WhereScape, stresses the need to “know where each piece of data sits and who can access it, as well as tag it and track its lineage in order to understand its usage.” This is vital for fulfilling data protection legislation requirements such as subject access requests, but also for being able to locate and move data in an agile way.
For tech’s sake: Reconciling emerging tech and the GDPR
In the lead-up to ‘G-Day’, critics warned GDPR would have a chilling effect on innovation and called on regulators to abandon core GDPR principles in favour of emerging tech. But by pitting privacy against innovation they missed the mark on both. Ironically, their pleas revealed a striking resistance to change and a vigorous defence of ‘business-as-usual’. There is no need for tech and GDPR to be at odds. Privacy lawyer, Abigail Dubiniecki, takes up the story.
However, Barton recognised that for some particularly digitally-forward companies, data can become the enemy. “Manually processing [the information from multiple different data sets] effectively can be time intensive, and error-prone. This is where automation comes in – data infrastructure automation can help companies ensure all data is adequately tagged, ensuring data is identifiable, auditable and quickly retrievable.”
This is against a landscape where businesses “face a broader range of legal, financial and reputation risks” associated with data, according to Steve Wainwright, Managing Director EMEA at Skillsoft. Wainwright advocates for ongoing compliance training to improve employee awareness of new rules surrounding data, “Training helps employees stay mindful of potential compliance impacts when making decisions, particularly those involving the handling of data. A one off training session won’t be enough.” Without such training around regulations like GDPR, businesses will find themselves derailed from their digital transformation endeavours by a lack of data protection awareness.
The role of staff in data protection, and in ensuring security through a digital transformation project more generally, is one also emphasised by John Williams, Product Manager at Node4. “Treat your staff as your human firewall, educate them in the threats they may be exposed to and get them active and aware of those threats – they are your intelligent line of defence,” he began. “Added to this, regular vulnerability scanning and penetration testing provides vital intelligence that your security is matched to the threats. Do it again and again as the threat landscape is a moving feast. And, should serious problems occur, disaster recovery and backups are vital as a solution to threats like ransomware, but as these systems also become the targets of cybercriminals they need to be protected – not just seen as a siloed last line of defence.”
We risk a digital crisis in 2019 akin to the 2008 banking crisis, warns data privacy lawyer
Improved security overall is an important consideration in both a digital transformation and data protection strategy. Jon Lucas, Director, Hyve Managed Hosting, commented, “Being confident in your data security is more crucial now than ever before. Hosting and cloud providers in particular need to prioritise security measures that can help prevent cybercriminals from taking advantage, thereby ensuring that their customers’ data is kept safe.” However, in the event that breaches do happen, a fact of modern business, Lucas said, “Businesses need to be able to trust that their provider has suitable security and recovery measures in place, giving them peace of mind that no harm will come to the data placed in their hands.”
Finally, it is important businesses do not underestimate the impact of consumer advocacy on both the shape of digital transformation and the implementation of data protection. Nigel Tozer, Solutions Marketing Director EMEA at Commvault, commented, “While businesses are still finalising their GDPR compliance, [consumer] pressure is actually required to make the effects of the regulator more tangible.”
Tozer concluded, “I’ve been saying it for years now, but businesses should focus on profiling the data they have, where it’s stored and what it’s being used for – if they haven’t already done so. Not only will it help businesses get compliant and reduce their risk exposure, it could also reduce their costs, too.”
The race to digital transformation is a vital one — it brings agility, cost effectiveness and longevity to both traditional and disruptive businesses. However it is not one that can happen independently of a revised focus on data protection. This attention to data protection will provide businesses with the time needed to revisit established data practices, and ensure data access, security and compliance — all with a view of providing a better service to customers.