Once confined to small groups of people within organizations (perhaps corporate lawyers or IT specialists), data privacy is now an issue regularly landing in the inbox of C-level executives. Organizations are increasingly bound by law to appoint a Data Protection Officer (DPO) and do all they reasonably can to prevent data breaches and leaks. How did we reach this point?
While the conversation around data privacy really picked up around 2018, the concept of a ‘right to privacy’ was formalized as an international human right in 1948. National data protection laws soon followed, with Sweden being the first to enact such a law in 1973. Increasing public concern at the processing and storing of personal information in databases pushed along this first tangible effort to regulate data privacy.
The current conversation around data privacy might have a long history, but 2018 was a critical turning point. The General Data Protection Regulation (GDPR) was one of the biggest changes in information policy for many decades, and its impact has been significant. The regulation is extremely specific and enforceable, and watchdogs in Europe haven’t been afraid of taking action. Record-breaking fines in the UK, such as British Airways’ £183 million fine in July of last year, are a reminder to all organizations that if they’re handling the data of citizens, there are severe penalties for getting it wrong.
Enter the data center
At the heart of conversations about how data is stored and managed is its physical home, the data center. What’s more, many of the technologies organizations are looking to invest in to boost their business intelligence are also being stored and managed there. Globally, organizations plan to spend as much as $41 million on average on Cloud Data Management, according to Veeam’s latest Cloud Data Management report, highlighting that the data center is fast becoming the most important tool in the arsenal of digital business.
From a security perspective, attacks can come from anywhere in the world, but data has to be kept somewhere. In this sense, infrastructure can be a tempting target. The increased pressure from the likes of GDPR has meant that senior leadership must now be much more aware of how they’re using physical infrastructure to support their operations than ever before.
Working closely with their cloud storage providers and hosting partners, organizations with a good grasp on the importance of this issue are completing regular risk assessments and audits, and requiring more detail in contracts around elements like data retention.
A call for expertise
GDPR as a framework is as much about people as it is about technical standards. It talks in terms of the fundamental rights of citizens, and how specific individuals within organizations can uphold them. This is especially clear in Article 37 of the GDPR, which states that any company monitoring and processing personal data on a large scale must appoint a DPO.
DPOs have become hot property: while the requirement to have one does not apply to all organizations, appointing one is often advised as best practice so that organizations can demonstrate they’re putting appropriate measures in place. In 2018, when GDPR was passed, as many as 28,000 vacancies for DPOs needed to be filled across Europe and the USA, and it remains a role in high demand. Law firms and consultants, for instance, have even started offering virtual DPO services to meet the shortfall.
Tackling this skills gap will take time, but there’s real value in encouraging everyone within organizations to appreciate and understand the basic principles of data privacy. With the reputational and financial stakes now as high as they are, data privacy is as much a business conversation as it is a technical one. Like any business problem, it requires a robust strategy to address it, and the right IT approach can go a long way to enable the smart data privacy practices that consumers and regulators alike are demanding.
IT as a people industry
Our research has identified that as many as three-quarters of IT decision makers globally are looking to Cloud Data Management as a means of supporting more intelligent business processes. Cloud Data Management brings together backup, replication and disaster recovery across the entire IT estate of an organization, to ensure data is available, recoverable and protected at all times.
But as we’ve seen with DPOs, IT is equally a people industry. Businesses are operating in a world where they need to protect their data more than ever before, and senior leaders are looking for trusted partners to help them de-risk their data center footprint. This might consist of properly configuring data management systems, providing technical training for system administrators, or encouraging end-users to appreciate the role they can play in practicing good data management.
At the start of a new decade, many organizations are still in the middle of a transformation in how they’re approaching their cloud data management strategy. It’s an appropriate time for us to reflect on how we use and view data. As businesses adapt to GDPR’s demands, the impact of the legislation will continue to be profound. Leaders will do well to invest in partners that will not only guide people internally on the rigors of compliance, but also help create a truly data transparent culture.