View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 27, 2017

How to keep data safe on Data Protection Day: From cyber insurance and GDPR, to cloud and encryption

Procrastinating in the cloud? Relying on cyber insurance? On Data Protection Day you should look into your data security processes and reevaluate how you are protecting the hot commodity that is data.

By Ellie Burns

January 28 marks Data Protection Day, known in the US as Data Privacy Day.

Designed to promote privacy and data protection best practices, the annual Data Protection Day has grown ever more important in a world increasingly under attack from cyber criminals.

Despite government action to regulate and protect citizens’ data with laws such as GDPR, data is a highly sought commodity by both criminals and enterprise. Consumers and businesses alike are urged to take stock of their data practices on this day, review processes and understand the what, where and how about their data.

To celebrate Data Protection Day, CBR reached out to the industry experts to get their advice and thoughts on what businesses need to do in this increasingly complex data world.

 

Trust Is Key

Doug Davidson, global head of cloud security offers and UK cyber security CTO at Capgemini

Trust is a key part of any relationship, particularly when between a business and its customer – which can have serious consequences if it’s broken. Protecting data should therefore be of paramount importance to every business that holds sensitive information. This not only means having the right security solutions in place, but also making sure everyone in the company that comes into contact with that data knows how to protect it. With the Government recently showing its commitment to boosting cybersecurity, the UK is certainly heading in the right direction. However, this needs to focus on improving the skills of those handling the data, as more often than not, it is employees that are found to be the weakest link.

 

Content from our partners
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer
Financial management can be onerous for CFOs, but new tech is helping lighten the load

Understand the Value of Data

Thomas Fischer, threat researcher and security advocate at Digital Guardian

The first step in keeping customer information protected is to understand what value the data has, where it is being used, whether it needs to be encrypted and how employees or third parties are interacting with it. This information is central to helping organisations make informed decisions about how to manage and secure data appropriately. It’s not a one-size-fits-all approach, but done correctly, it can greatly assist companies in meeting governance and compliance regulations, as well protecting intellectual property.

data protection day - cloud security

2007 marked the first-ever Data Protection Day, initiated by the Council of Europe.

With Great Data, Comes Great Responsibility

Jason Hart, CTO, Data Protection, Gemalto

In an age of convenience, consumers are more than happy to share personal data with businesses and organisations, as long as it enhances their online and offline experiences. Whilst this provides considerable benefits to the business receiving the data, it also comes with a huge responsibility – consumers expect that their data will only be accessed by internally authorised individuals, and be completely secure from external threats.

Businesses must implement encryption to ensure that the data they hold is secure, and can only be accessed by select individuals. Additionally, two factor authentication is crucial in helping mitigate any outside threats. By encrypting the data, and managing the encryption keys properly, the data is useless to the hacker, as well as any unauthorised personnel within the organisation. This means that, even if a breach takes place, consumer data remains private.

 

Cyber Insurance Will Not Protect You

Lillian Pang, Senior Director of Legal and Data Protection Officer, Rackspace

Towards the end of year we are likely to see more UK businesses turning to contingency measures such as ‘cyber insurance’ to protect themselves from data breaches. This is likely to be driven by businesses that wish to safeguard themselves against potential fines emanating from the upcoming GDPR legislation. In turn, we will have to wait until 2018 to see how sizable the pay-outs on cyber insurance claims are, and thus, how effective they will be for businesses. It’s important to remember that while cyber insurance may help with financially protecting them in the event of a data breach, it will not be sufficient to protect businesses from any costly reputational damage.

The sooner organisations work towards compliance with the latest regulations, the sooner they can be confident of their own security, and reassure the businesses and customers they work with. To help businesses understand the steps they should take to ensure compliance, they should turn to their Privacy experts or DPOs, CIOs and CSOs, or source additional expertise externally.

 

Having a Plan B and ending procrastination in the cloud is also a must for all businesses on Data Protection Day – find out more on the next page.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU