The issue of data protection and privacy was, until recently, a conversation confined to a specific group of people within an organisation. Unless you were an IT consultant or a corporate lawyer, privacy compliance was something somebody else took care of. So, how have we reached the point where many organizations are bound by law to employ a Data Protection Officer (DPO)? Why are CEOs now so interested in their company’s data protection and privacy policies?
While our understanding of the current data privacy conversation must operate within this context, there is no denying that 2018 was a watershed moment. The General Data Protection Regulation (GDPR) may be less than two years’ old, but its impact has been significant. As well as its very specific nature which makes the regulation enforceable, GDPR regulators have not been frightened to flex their muscles. To date, it has collected almost €429 million in fines – serving as a constant reminder to any business processing the data of European citizens that there are penalties for not adhering to data privacy requirements.
The privacy skills gap:
As well as providing a clearer framework for appropriate data handling practices, GDPR has made data protection and privacy more about people. Rather than talking in terms of technical standards and software requirements, it is based on fundamental citizens’ rights and how people within an organization can uphold them. GDPR states that certain companies must appoint a Data Protection Officer to be compliant. More specifically, any public authority, a company whose core activities require large-scale monitoring of individuals or consist of large-scale processing of criminal data.
Wherever appointing a DPO is not required under GDPR, it is advised as best practice for companies who need to ensure they have the right data processes in place. Latest Veeam Cloud Data Management report shows that organizations across multiple industries will spend an average of $41 million deploying technologies to boost business intelligence, experienced DPOs have become hot property. In 2018, when GDPR was passed, as many as 75,000 vacancies for DPOs needed to be filled – with Europe and the USA accounting for around 28,000 of these roles.
Minds over matter: Veeam research shows that three-quarters of IT decision-makers globally are looking to Cloud Data Management as a means of creating a more intelligent business. Cloud Data Management brings together disciplines such as backup, replication and disaster recovery across an organizations’ entire cloud and data management provision. It ensures that data is always available, recoverable and protected at all times. But like data privacy, IT is a people industry too. In a world where businesses need to protect their data more than ever before, CEOs, CIOs and DPOs alike are looking for trusted partners to help de-risk their data management. This support may take the form of configuring data management systems, providing technical training for administrators, or basic data privacy training for end-users.
Data Protection Day is an appropriate time for us to reflect on how we use and view data.
Moreover, as we begin a new decade, it’s an apt moment to acknowledge that we are still in the midst of transformation. The impact of GDPR will continue to be profound as businesses adapt to its demands and its enforcers become less patient with those who fail to comply. More fines and reputational damage will only add to the demand for DPOs – people with the expertise and appetite to take on the data privacy challenges of an organization. While investing in technologies like Cloud Data Management will be fundamental to the DPO’s strategy, privacy is now a people business. Therefore, the shrewdest investments will be in trusted partners who can guide people at every level of the organization through the rigours of remaining compliant and help create an authentic culture of data transparency.