View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. What Is
February 14, 2017updated 16 Feb 2017 2:41pm

GDPR Explained

In five questions or less, an industry expert defines and explains a technology, term or trend in CBR’s Tech Express – with this installment seeing Jes Breslaw, EMEA director of strategy at Delphix, explain GDPR.

By Ellie Burns

CBR: What is GDPR?

JB: The General Data Protection Regulation (GDPR) is a new set of rules coming into force May 25th 2018 that governs how businesses collect, use, and share data from European citizens. It asserts that companies -EU-based or otherwise – must build data protection into their system design and infrastructure, or risk severe penalties. Businesses will face fines of up to 4% of global turnover for non-compliance, which is enough to jeopardise ongoing European operations.


CBR: How will GDPR impact data privacy and data protection?
Jes Breslaw delphix - GDPR explained

Jes Breslaw, EMEA director of strategy, Delphix.

JB: In a GDPR world, there will simply be nowhere to hide for a business that suffers a breach. The regulation punishes businesses that fail to leverage appropriate protection measures – such as data masking technologies—as a part of their overall security posture. Data masking enables companies to fulfill GDPR requirements to pseudonymise sensitive data that otherwise could directly or even indirectly identify a specific individual. Worryingly, our research indicates that over a fifth (21 per cent) of UK business have no understanding of the impending legislation, with a further 42 per unaware of the data masking tools that the legislation recommends.


CBR: What does GDPR mean for UK businesses?

JB: For many businesses, the GDPR will not only force them to ensure compliance and reduce the risk fines, but it will also help to usher in a new wave of IT innovation. As businesses look at how they manage, secure and deliver data as part of compliance demands they can also see agility and quality benefits in other areas. By combining data masking with data virtualisation, it will create opportunities for the business, improving the availability of on-demand secure data that can be used to accelerate IT initiatives and support innovation.


CBR: Does GDPR ensure data protection/data privacy?

JB: Only if robust security measures are adopted. Article 30 of the GDPR sets out the security requirements that businesses are expected to satisfy. It requires that businesses must implement “appropriate” technical and organisational measures to secure personal data, taking account of the risk presented to individuals if the security of that data were to be breached. In this regard, the GDPR expressly says that businesses should consider implementing “as appropriate … the pseudonymisation and encryption of personal data.” While the law stops short of telling businesses they must implement pseudonymisation, the express reference to in the security provisions of the GDPR is highly significant, as regulators will take its implementation into consideration when considering compliance.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape


CBR: Will Brexit affect GDPR in the UK?

JB: For the immediate future, the UK will continue to be subject to the same data protection regime as the rest of the EU. It may even be longer, depending on how long exit negotiations take.  It’s also important to remember that the GDPR will still apply to every business that offers goods and services to EU citizens or that monitors EU citizens’ behaviour, regardless of whether it sits within the EU or not. Organisations still need to focus on getting their GDPR preparations underway.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.