May 25th 2021 marked the third anniversary of the implementation of GDPR. Throughout the past three years, awareness of GDPR and the importance of data protection has slowly been growing. However, in the context of the global disruption caused by COVID-19, businesses have been presented with a unique set of data challenges, which has required more vigilance than ever before when it comes to keeping employee and customer data safe.
This anniversary is a great opportunity to reflect on the impact of the regulation, we spoke with experts from Veracode and Micro Focus share their thoughts on the importance and effectiveness of GDPR.
“On the third anniversary of the implementation of the GDPR, we can confidently say that the regulation is here to stay. Ultimately, data belongs to people and any technique that reinforces that approach – including encryption, tokenisation, data scrambling, data hiding, anonymization, among others – represents a fundamental step to protect small quantities of data that, when aggregated, becomes information.
“In this cloud epoch, where data moves between cloud environments, effective data protection regulation is critical. Understanding where data lives, in all its forms and platforms, provides unparalleled control and visibility when it comes to managing both structured and unstructured data sets. This was the aspiration of the GDPR when it was created. Now, more than ever, technology and legislation represent the opportunity to achieve an overarching governance umbrella for how information is discovered, identified, classified and protected. That’s the ultimate goal.
“While it’s down to the European Data Protection Board (EDPB) to ensure that the law is being interpreted in the correct manner and provide essential guidance, businesses also have a key role to play in upholding the regulation. Keeping data safe, however, has never been more challenging as over the last year. The mass move to remote working caused by the pandemic meant that businesses had to shift to digital-first approaches virtually overnight. The resulting distributed infrastructure has created new attack vectors for cybercriminals – and, in turn, a greater potential for damaging data breaches.
“Within this new reality, becoming cyber resilient is a business necessity. Organisations should make extensive plans to effectively prepare for, respond to and recover from cyber threats. Amid a constantly evolving threat landscape, made even more complex by the global pandemic, protecting against data breaches requires building a road map to cyber resiliency. This way, organisations can ensure they are in the best position to safeguard sensitive information and continue to comply with data privacy regulation such as the GDPR.”
John Smith, Manager, Solution Architects, EMEA & APAC, Veracode
“Since GDPR was introduced three years ago, we’ve seen a number of technology advancements impact the security landscape. More recently, the rapid adoption of these innovations in combination with accelerated cloud adoption brought on by the pandemic have brought to light a new challenge – data residency – as applications in the cloud have typically been hosted outside the EU. By providing cloud-native software security testing with EU data residency, we enable EU customers to address regulatory and organisational requirements while continuing to deliver secure software quickly and easily.
“On this anniversary of GDPR, it is important to recognise the impact of the changing landscape on developers who must continue to innovate and create applications. To ensure data is protected, collaboration between security experts, developers and security champions is integral to the success of any application security programme. GDPR fines have the potential to increase as the number of ways to violate the data protection rules multiply, so employing secure coding best practices from the outset is paramount.”