The way we do business has evolved. Looking back just 30 years, we can agree that by today's standards the way we stored business-critical information was archaic. In modern business, we rely on technology for much of our organization’s needs, but this relationship with technology is not without its risks.
It’s easy to believe that by having antivirus or antimalware solutions in place we’re protected, but compliance is more than cyber security: it involves a shift in the way business is done.
Welcome to the new world of data compliance
With the introduction of the General Data Protection Regulation (GDPR) earlier this year, the conversation around data protection was sparked. The GDPR was introduced to replace outdated data privacy laws across Europe and provide greater scope and tougher penalties for those who fail to comply.
Companies that have neglected to protect personal data have been thrown into the spotlight of the news channels and our social media feeds, with Facebook, Cambridge Analytica and Under Armour among the most well-known. The consequences of these breaches are bigger, resulting in not only large fines but also the possibility of jail time, depending on the applicable regulation. Arguably, some of the biggest damage is to your brand and how consumers continue to see you. While the fines may be the initial impact, the fallout afterwards can be the most damaging.
The flurry of activity surrounding the GDPR has also led to many more regulations springing up, including New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD) and the California Consumer Privacy Act (CCPA).
Data protection is not a new concept, however, and legislation like Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) have been around for years. In the case of SOX, this came about directly as a result of the infamous accounting scandals of Enron, WorldCom, Tyco and others. The impact of these scandals, damaging the financial markets themselves and jeopardizing investor trust, offers a key insight into the power of data.
The GDPR was not created as a result of a headline-grabbing data breach, but rather simply because the world of data in business is evolving, and so must we.
The strengths and weaknesses of data
As the volume of data continues to grow, organizations are continuing to seek ways to extract more value from it. Understanding data and using it correctly can guide companies to greater growth, but the misuse of data can, as we have seen previously, lead to the collapse of an entire business. So is the potential payoff worth taking the risks associated with handling data? Absolutely. But in taking this on, we must acknowledge the well-known quote: “With great power comes great responsibility”.
Organizations are responsible for protecting the data of their customers, and this doesn’t just mean from external threats. One of the biggest blind spots that businesses overlook is internal security. Hackers and phishing scams may be at the forefront of your mind when thinking about data breaches, but in fact a large proportion of data exposure comes as a result of an internal error or attack.
In order to provide full coverage, it is the responsibility of businesses to identify gaps in security and highlight weak points and possible risk factors. Consumers are demanding more and are getting wiser to their rights over their personal information, and it’s up to organizations to put practices in place to address these.
Knowledge is power
In order to reap the rewards of data, it’s crucial to understand what’s required of you as an employee and as a business in terms of regulatory demands. It is no longer acceptable to be reactive when it comes to dealing with data security. It's too late once we are dealing with the immediate fallout or minimizing the reach of a breach. We must take a proactive approach to handling and protecting our data.
The first step in doing so is getting up to speed on the relevant legislation. Being familiar with data laws is no longer restricted to the lawyers. If you interact with data or are responsible for it, then you should not have to wait for instruction to come from higher up. Take the initiative and do your research. Revisit your own systems and processes and ask if they are fully compliant.
Microsoft MVP Grant Fritchey recently wrote a free-to-download whitepaper for Redgate Software which unpicks legislation for the data professional, providing insight and guidance on how best to approach data compliance. If you want to find out how compliant you really are with data protection regulations, it could be a good place to start.
Redgate Software makes ingeniously simple software used by more than 800,000 IT professionals and is the leading Microsoft SQL Server tools vendor. Redgate's philosophy is to design highly usable, reliable tools which elegantly solve the problems database developers and DBAs face every day, and help them to adopt compliant database DevOps. As a result, more than 100,000 companies use products in the Redgate SQL Toolbelt, including 91% of those in the Fortune 100.