Maren Winter -

A helping hand from the Nordics in the eye of the GDPR storm

Nordic IT companies are well suited to supporting enterprises in their data protection projects, even though openness is more natural to them

When it comes to facilitating an effective response to the recent General Data Protection Regulation (GDPR) legislation enacted across the EU, Nordic technology companies are at the forefront.

A bizarre niche is being filled by companies from the region as its business ecosystem and startup scene epitomise notions of trust, collaboration and integrity, which goes against the grain of defence and security. To this end, their home region is not necessarily the best place to find early customers.

Nordic company Promon unveiled its in-app protection technology in Germany at first, with a view ahead to the cyber security issue that was evolving, and the GDPR legislation that would later come into force.

The Norwegian company’s CEO, Gustaf Sahlman, said: “It’s true that security somewhat goes against the grain in our communities, which are often based on trust, but that’s actually why we went straight to Germany, where we got our first customers in our primary banking and finance sector, and it’s where we commercially grew up. All of our engineering is done out of Oslo, but commercially we are more suited across the rest of Europe, and indeed the world.”

Sahlman emphasised that, to a lesser extent in the build-up to GDPR’s introduction, but certainly in the aftermath of its enaction, companies in international markets are now in desperate need of protecting their sensitive data and are looking to digitally savvy companies with international mindsets to guide them through the process.

“Cyber security doesn’t entail a pride about where your solutions provider is coming from – you just need the best proposition out there, and quite often, the best digital innovation emanates from the Nordics,” he said.

Well suited to tackling the challenge

GDPR was officially implemented in May 2018 and, for many companies, this was the first time they had been told to really think about the best ways to secure their data. The appropriateness of antivirus and malware software were now being questioned, and the need for more holistic protection that would make attacks all the more complicated and expensive were finally being laid at enterprises’ doors.

Just like Promon, Sweden’s DPOrganizer had also noticed a trend and in 2015 it created flexible privacy management software.

“I essentially set out to build the tool I wished I had, with GDPR on the horizon,” said CEO and founder Egil Bergenlind. “GDPR is powerful because of its focus on the individual. With data processing increasing exponentially across the world, there is a need to address the issues this development presents to individual freedoms.

“Personal data has, in some cases, become a digital currency and there is a rising awareness about how it is being processed, as well as the risks this presents to the individual. And this trend will continue to grow, both in terms of data processing and awareness.”

As a result, Bergenlind listed a host of challenges that appeared to be suddenly presented to businesses – navigation of the regulation itself, mapping and privacy processes, raising awareness throughout their organisations, and of course finding the best partners to help mitigate challenges.

It is there that the Nordic startup mindset came into its own.

“The region is home to several interesting cyber and data security companies and is well suited to tackle the challenge,” said Bergenlind. “Not only has the region come far in IT and digital, but we also have an innovative approach to business.

“What I mean by this is that Nordic countries tend to be good places to test out ideas and products because we are often early adopters, priding ourselves on our ability to keep our ears to the ground. And since we are small countries with small populations, we tend to adopt the mindset of being global from the start, challenging us to think bigger.”

Time to up the ante

In this next phase of cyber ecurity education and adoption, the question hanging over businesses is not whether to outsource data protection, but who to outsource it to, according to their own objectives and practices.

Sahlman said that given the complicated landscape that now exists, it is just important that businesses look outside their borders to install state-of-the-art cyber protection technologies, even if they aren’t from Promon.

“My main recommendation is: just don’t try to do everything yourself,” he said. “It’s just too complex, and the risks are too high. The type of data being protected needs to be taken seriously and, as mega-trends such as bring your own device or the internet of things evolve so rapidly, you can’t afford just to make knee-jerk reactions or take the easy way out.

“Last year alone, the number of malware attacks on mobiles doubled. That’s the trajectory we’re on and it’s time to up the ante.”

GDPR has gone some way to trigger urgency from this perspective, and has left organisations with critical decisions to make about finding suitable partners and innovators to help them take effective steps towards data protection.

Most now need partners with a high level of digital acumen, but also a certain nimbleness and speed of implementation – two traits very much aligned with the Nordic business climate.

Bergenlind added: “Cyber security is a work in progress and we have not yet scratched the surface of what will come next, but the underlying ideas of GDPR are important from a public awareness perspective, at least. We believe Nordic companies often have a stronghold in innovation and keeping ahead of the curve, making us important players in developing, launching and testing innovative solutions in this space.”

Read more on IT risk management

Data Center
Data Management