Data protection – how compliant are you, really?

Rebecca Edwards

Product Marketing Manager at Redgate Software

Views 776

Data protection – how compliant are you, really?

15.11.2018 10:15 am

The way we do business has evolved. Looking back just 30 years, we can agree by comparison to today's standards that the way we stored business-critical information was archaic. In modern business, we rely on technology for much of our organization’s needs, but this relationship with technology is not without its risks.

It’s easy to believe that by having antivirus or antimalware solutions in place we’re protected, but compliance is more than cyber security: it involves a shift in the way business is done.

 

Welcome to the new world of data compliance

With the introduction of the General Data Protection Regulation (GDPR) earlier this year, the conversation around data protection was sparked. The GDPR was introduced to replace outdated data privacy laws across Europe and provide greater scope and tougher penalties for those who fail to comply.

Companies who have neglected to protect personal data have been thrown into the spotlight of the news channels and our social media feeds, with Facebook, Cambridge Analytica and Under Armour among the most well-known. The consequences for these breaches are bigger, resulting in not only large fines but also the possibility of jail time depending on the applicable regulation. Arguably, some of the biggest damage is actually the one to your brand and how consumers continue to see you. While the fines may be the initial impact, the fallout afterwards can be the most damaging.

The flurry of activity surrounding the GDPR has also led to many more regulations springing up, including New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD) and the California Consumer Privacy Act (CCPA).

Data protection is not a new concept, however, and legislation like Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) have been around for years. In the case of SOX, this came about directly as a result of the infamous accounting scandals of Enron, WorldCom, Tyco and others. The impact of these scandals, damaging the financial markets themselves and jeopardizing investor trust, offers a key insight into the power of data.

The GDPR was not created as a result of a headline-grabbing data breach, but rather simply because the world of data in business is evolving, and so must we.

 

The strengths and weaknesses of data

As the volume of data continues to grow, organizations are continuing to seek ways to extract more value from it. Understanding data and using it correctly can guide companies to greater growth, but the misuse of data can, as we have seen previously, lead to the collapse of an entire business. So is the potential payoff worth taking the risks associate with handling data? Absolutely. But in taking this on, we must acknowledge the well-known quote: “With great power comes great responsibility”.

Organizations are responsible for protecting the data of their customers, and this doesn’t just mean from external threats. One of the biggest blind spots that businesses overlook is internal security. Hackers and phishing scams may be at the forefront of your mind when thinking about data breeches, but actually a large proportion of data exposure comes as a result of an internal error or attack.

In order to provide full coverage, it is the responsibility of businesses to identify gaps in security and highlight weak points and possible risk factors. Consumers are demanding more and are getting wiser to the rights of their personal information, and it’s up to organizations to put practices in place to address these.

 

Knowledge is power

In order to reap the rewards of data, it’s crucial to understand what’s required of you as an employee and as a business in terms of regulatory demands. It is no longer acceptable to be reactive when it comes to dealing with data security. It's too late once we are dealing with the immediate fallout or minimizing the reach of a breach. We must take a proactive approach to handling and protecting our data.

The first step in doing so is getting wise on the respective legislations. Being familiar with data laws is no longer restricted to the lawyers. If you interact with data or are responsible for it, then you should not have to wait for instruction to come from higher up. Take the initiative and do your research. Revisit your own systems and processes and ask if they are fully compliant.

Microsoft MVP Grant Fritchey recently wrote  a free to download whitepaper for Redgate Software which unpicks legislation for the data professional, providing insight and guidance into how to best approach data compliance. If you want to find out how compliant you really are with data protection regulations, it could be a good place to start.

Redgate Software makes ingeniously simple software used by more than 800,000 IT professionals and is the leading Microsoft SQL Server tools vendor. Redgate's philosophy is to design highly usable, reliable tools which elegantly solve the problems database developers and DBAs face every day, and help them to adopt compliant database DevOps. As a result, more than 100,000 companies use products in the Redgate SQL Toolbelt, including 91% of those in the Fortune 100.

Latest blogs

Russell Bennett Fraedom

How banks can strengthen relationships with their SME customers – Five Top Tips

SMEs make up the vast majority of businesses across the UK and with many focused on rapid and dynamic expansion, they present mass growth opportunities for commercial banks. However, to really untap this potential and gain trust and creditability Read more »

Howard Berg Gemalto

Banking and payment predictions for 2019 from Gemalto

The rise of digital identities The meshing of the physical and digital world will bring significant changes to how we think about our identities. In 2019 we’ll see a global shift towards digital identification systems, driven by banks, mobile Read more »

Frederik Mennes Security Competence Center

Open Banking standards and new technologies will bring innovation to financial services

One of the most important trends we’ll see in 2019 is the global adoption of Open Banking, especially in the United Kingdom, the European Union and Asia-Pacific (primarily in Singapore, Hong Kong and Australia). Open Banking allows third-party Read more »

Andrew Davies Fiserv

Managing Risk in the Era of Customer Experience

Delivering an excellent customer experience and managing risk are among financial institutions’ top priorities. Notably, these priorities are solidly linked: as life moves faster and new technologies are introduced to help make our financial lives Read more »

Tony Pepper Egress Software Technologies

Tony Pepper, CEO of Egress Software Technologies comments on Fax machines banned across the NHS

It is difficult to believe that such an outdated and unsecure system is still being used by the NHS when we consider the confidentiality of the information contained within patient records. According to the BBC, as many as 9,000 fax machines were Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App