#CyberSecMonth: Innovating while protecting data
EMEAR Data Protection & Privacy Officer
On May 25, 2018, the EU General Data Protection Regulation (GDPR) will be enforced, becoming directly applicable in all EU Member States. For those who have been in the field for the last two decades, the GDPR is the current data protection framework with actual “teeth”, given the significant level of fines – 4% of global turnover.
The EU Directive of 1995 already stated that organizations should “protect personal data against accidental or unlawful destruction or accidental loss, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network”.
The recent corporate breaches and cyberattacks tell us that we need to do more to protect data from deliberate access, especially when data are crucial to drive innovation. At Cisco, we believe the digital economy can only flourish when you connect people, process, data and things in an ethical, relevant and secure way.
In Europe as well as in the US, October is the Cybersecurity Awareness Month, and it is the perfect time to think about how we create an environment where everyone can more easily do business and trust that their data is safeguarded.
In this context, while the GDPR continues to urge us to secure personal data, it brings more clarity on how to actually accomplish that.
If we are to properly safeguard the data of individuals against attacks or unauthorized use, we must invest in knowing what data we are collecting, how we are collecting it, where we keep it, and how we are keeping it safe at rest, in use and in motion. By having a clear picture of what we have and what we do with it, we can identify where the weaknesses are and also get to the data faster in critical instances.
With a clear inventory and mapping of data processed within your organization, you can assess risks and strengths. This will help to prioritize the changes in process and policies necessary to get you ready for May 2018.
But GDPR also requires us to think “Privacy First” in the use of data. It requires us to embed privacy and security requirements in our internal systems and processes as well as in our product development cycle, from ideation to launch to validation. By using privacy engineering techniques to evaluate and build better offerings, we turn privacy by design policies into actions and tangible improvements.
Having solid security embedded in your processes and technology is essential. GDPR requires us to protect personal data with security measures capable of preventing, detecting, and responding to vulnerabilities and data breaches, as well as being resilient to enable business continuity. And in doing so we must think about securing against the negligent and mistaken as well as those with “bad intentions”.
The protection of data is everyone’s responsibility. Creating a security and privacy-aware culture will very much depend on our ability as organizations and as a society to educate about the risks and benefits of handling personal data. Data protection obligations are as pervasive and constant as the currencies that flow through and across the networks. Understanding how to protect data, including reporting data breaches and applying fresh updates, is essential.
We might have less than 220 days left to May 25th, 2018, but what we are building along the way goes well beyond a firm date, and it is fundamental to protect data in a way that is sustainable and adaptive to the pace of innovation.
To know more about GDPR, you can listen to this recorded webinar: http://bit.ly/2grRADI
October is the European Cyber Security Month. Learn more about this campaign at cybersecuritymonth.eu or follow #CyberSecMonth on Twitter.