Time is nearly up. The day of reckoning when it comes to data protection is nearly upon us, with May 25th 2018 marked in bold in every business calendar or diary. The General Data Protection Regulation, or its more popular moniker GDPR, has cast an omnipresent shadow over global business for the last year, with a myriad of surveys and research repeatedly warning against non-compliance – normally with the much used adjective of ‘unprepared’.
When it came to GDPR, business leaders were inundated with shocking stats postulating that GDPR was not fully understood, was not a boardroom issue, was regarded as a box-ticking exercise, and that businesses lacked awareness of the rules and fines involved.
One aspect which was seized upon by one report was the disconnect between confidence and compliance. According to the Trend Micro study, 88% of UK businesses were confident that their data security measures were first rate and could not be further improved. However, the same report found that 56% did not know that email marketing databases counted as personal information, with a further 73% admitting that they did not know the full potential extent of GDPR fines.
GDPR is not easy, nor straightforward. We are told that we are underprepared, unaware and over confident, but that is because legislation and the requirements it entails are complex and non-prescriptive. We must acknowledge the complexities of the legislative changes ahead and change the tone of the conversation – moving the negative to the positive. It is only then that GDPR can be seen as an opportunity, not a challenge.
Make no mistake about it, GDPR is an opportunity. Ultimately your data security will be strengthened. Big improvements will be made to the collection, stewardship and sharing of data which, in turn, will only have a positive impact for both business and consumer.
When it comes to cloud, the challenge is seemingly two-fold. The public cloud has been dogged for many years with criticism concerning security, which when coupled with GDPR piles pressure on businesses embarking on compliance. Arguably, however, the opportunity when it comes to GDPR and compliance has never been stronger in the cloud.
The secret to compliance success in the cloud lies, of course, with the platform. Fragmented tools will exasperate the complexity of compliance – what you need is one solution which delivers content visibility, while also being able to evolve alongside the ever-changing demands of regulation, data privacy and data residency.
When choosing a single solution, you want to ensure that the platform already meets existing regulatory standards. Taking Box as a case in point, the cloud content management company helps businesses comply with standards including ISO 27001 and ISO 27018, Privacy Shield, TCDP and C5, amongst others, whilst applying Binding Corporate Rules. Adhering to the demands of GDPR, Box also provides in-region data storage capabilities through Box Zones. Raising the bar when it comes to privacy and control in the cloud, so businesses can use local data storage to comply with regional and country-specific data privacy and data residency rules.
A platform or service which already has a strong footing in regulatory requirements will go a long way to easing a business into its compliance journey, but that platform also has to empower an organisation to take control of their content and data. With data visibility a key driver of GDPR, the need to know the where, what and who when it comes to content has never been more important.
Delivering visibility and control, Box offers IT and Admin controls which allows businesses to easily manage access and sharing policies – essentially giving you the power to govern all your content. Proving a robust defence against data leaks, Box offers document watermarking, granular sharing permissions and audit logs. GDPR demands that you know where your data is, with Box you can apply security classifications and manage the entire lifecycle of your content.
For those embarking on a compliance journey within the cloud – it is a journey of opportunity, make no mistake about it. Finding a platform already meeting compliance needs that gives you control and visibility over data, will bring positive change for your business.
GDPR is here to stay, with updated legislation a foregone conclusion as technology evolves and data proliferates. Cloud offers the flexibility to evolve alongside those demands, allowing businesses to seize the compliance opportunity in order to innovate and succeed with confidence.