Back in 2018, Gartner predicted that only 50% of organisations would be ready for the impact of GDPR on their data. Three years on, whilst this number, in theory, should be much improved, is it really fair or appropriate to make such a comparison when the digital landscape is so different?
Company concern has evolved from one of tick-box compliance to one that balances both compliance and the need for effective data protection as a differentiator. The general consensus is that existing tech regulations aren’t enough in such a consumer-centric world where privacy and security are every bit as important to people as the service being provided. And businesses must now adopt a two-pronged attack where they continue to urge greater assistance from GDPR, while investing in their own levels of visibility to keep up their end of the data bargain.
Following its three-year anniversary, many questioned whether GDPR has had the impact it was intended to, and we’ve seen businesses of all sizes come under fire for a lack of compliance during this period. In fact, according to DLA Piper’s latest GDPR Data Breach Survey, there have been more than 281,000 data breach notifications since the inception of GDPR on 25th May 2018. However, despite fines mounting in their millions – not to mention the reputational damage for businesses breaching data protection laws – what GDPR has mostly failed to do so far is instil much-needed confidence that consumers’ data is safe. That said, it has created additional transparency by requiring organisations to report data breaches in a timely fashion and uphold minimum requirements for data security, which is a huge step in the right direction.
For businesses and consumers in the UK, this lack of surety and comfort has also been compounded by the new UK GDPR framework which has been implemented since the country’s breakaway from the EU. And then, of course, came COVID. In just three years, the digital goalposts have shifted. Both government regulation and business strategy now need to adapt accordingly.
Everyone is playing catch-up
It is this shift and evolution of people’s digital lifestyles that is driving scepticism around GDPR’s effectiveness. The rapid pace of tech innovation, increased reliance on data, and growing cyber security threats have all been pinpointed as areas that have outgrown the blueprint launched in 2018. For IT leaders, the overwhelming feeling is that GDPR isn’t doing a good enough job to regulate the handling and protection of data in relation to the updated and decentralised IT landscape.
Scoping the opinion of 1,000 IT leaders and 3,000 employees, a similar call for stronger rules and updated guidelines was also shared through Snow’s 2021 IT priorities report. This found that 94% of IT leaders and 82% of employees believe more regulations are needed in the tech arena. Only 74% of the latter reported the same back in a 2019 global worker survey, highlighting how much has changed in a short space of time. More specifically, of those who do want to see more tech regulations introduced, the two leading areas brought to light were data protection and cyber security.
Compliance and market expectation: a double-edged sword
It makes sense that data protection and cyber security would be high priorities for many individuals. Since the start of 2020, and upon the rise of the pandemic, a rapid and necessary shift to remote working took place. Not only that, but consumers were forced to conduct vast portions of their day-to-day routines through digital channels. As a result, both individuals’ and organisations’ digital footprints have expanded exponentially, and the end result is a stronger comprehension of the privacy pitfalls that come with such a strong digital presence.
Understandably, they’re holding organisations that collect and store data responsible, and to account, over this level of privacy. And a failure to either comply with regulation, or to ensure data protection in a more competitive marketplace, is a double-edged sword that businesses need to address.
With consumers and employees now expecting a true hybrid proposition of both on-premises and cloud services, technology blind spots need to be mitigated as a matter of urgency.
Conjoined, intelligent and strategic ecosystem
In such a data-driven world, culpability and legislation such as GDPR are vital. But it has to be fit for purpose on a moving scale, when trends, preferences and threats are developing so rapidly. This is why companies also must take ownership of the data challenge and play their own role in being compliant with consumers – not just state law. Moreover, to be truly disruptive and effective, businesses must be armed with the correct tools to actually manage compliance. And for this, the biggest asset will be visibility.
Tools that provide visibility and manageability of an organisation’s entire IT ecosystem are vital. From that position of overarching insight, strategy and investment can be earmarked according to an informed roadmap, rather than adhering solely to legislation that you already know isn’t completely effective at this time.
Given the hybrid IT era that is upon us, this enhanced visibility can help to connect siloes within companies, to give a unified view when it comes to data analysis and use, and to enable actual transparency with consumers so they are comforted by the privacy protocols that are in place.
With this conjoined, intelligent and strategic ecosystem in place, organisations can truly protect personal data and keep customers safe, no matter how quickly the business world continues to evolve.