GDPR an opportunity to improve data systems and processes

A year after the official implementation of the GDPR, it is important to highlight the positive opportunities that compliance provides and the insights breach reports are providing, say Deloitte consultants

Financial services organisations are among those that are taking compliance with the European Union’s General Data Protection Regulation (GDPR) very seriously, and the insights this is delivering are likely to help drive momentum in other sectors, according to Stephen Bonner, cyber risk partner at Deloitte.

“In the larger financial services organisations, customer trust is absolutely key to what they do. But even for those who have been taking it seriously for a long time, the GDPR has helped to give data protection officers a voice in a more business-focused, broader discussion to get the support they need,” he told Computer Weekly.

A year after the official implementation of the GDPR, Bonner said the real benefits of the regulation will start being realised as more organisations in all sectors report data breach incidents on a much bigger scale than ever before.

“Previously, there was a whole series of things that no one had any visibility of, and as that data starts being analysed, we will start to see patterns and behaviours that will be even more powerful,” he said.

Another positive impact of the GDPR in the first year, he said, is that there has been a significant change in consumers’ understanding of the rights they have.

“Our data shows a surprisingly high number of consumers who have exercised their rights under the GDPR to get better behaviour from organisations, which is bound to put pressure on any organisations that have not yet done enough to improve the way they handle customers’ personal data.”

GDPR benefits will take time

However, changing culture takes time, even with new legislation, said Robert Wainwright, senior cyber partner at Deloitte and former Europol chief.

“Appointing a DPO [data protection officer] to comply with the GDPR does not necessarily mean you are going to have privacy baked in to the DNA. It will take time, but there are encouraging signs and I am very optimistic about the latent potential of GDPR to boost digital transformation.”

Based on his experience in embedding law enforcement data protection standards that are far more stringent than those required by the GDPR, Wainwright said the benefits were clear.

“We expected greater accountability would be an operational drag, but we found that having so many robust features trained our analysts to be much more precise in the way they were handling data. It also shaped our datasets to be less chunky because we weren’t allowed to store data for which we had no purpose or to keep data for longer than we actually needed it.”

Similarly, Wainwright said the GDPR could provide benefits to commercial enterprises and other organisations. “Through the GDPR, they have the opportunity to improve their data systems and processes. These can be reshaped into something that is cleaner, sharper, quicker and therefore more effective,” he said.

“GDPR is a positive opportunity to reinvent the way data is managed. On the data security side, I see the best CISOs are those that are seeing positive advantages. Rather than being the one who is blocking them from doing things to the one who is able to improve the main business.”

The GDPR is also encouraging CISOs to think about achieving a “frictionless” customer experience, said Wainwright.

“That type of thinking about how to enable security without relying on passwords, for example, will be an enormous business enabler. That will take them beyond being the person who blocks business and is a drain on cost, to being someone who adds to a transformative experience of the business. And I see the same thing happening in terms of privacy,” he said.

While this approach will require “quite a leap in judgement and culture” that not everyone may be willing to support, Wainwright claimed the GDPR would help by forcing a greater part of the real problem to become visible. “This should encourage better industry norms and better collaboration,” he said.
