SureSkills Seminar Tackles Complexity Challenge of EU GDPR
EU GDPR is sure to dominate conversations about data management, privacy and compliance between now and May 2018, so it wasn’t surprising to see a huge turnout at SureSkills’ seminar last week.
An audience of more than 100 business and IT leaders, as well as privacy professionals, gathered at the Westbury Hotel in Dublin to hear experts in technology, data protection and law discuss the likely impact of GDPR. After five snappy presentations, they came away with solid, actionable advice about how to prepare their organisations for the forthcoming regulation.
Microsoft Ireland’s Head of Legal Rebecca Radloff set the tone for the event by framing GDPR in positive terms. “We very much welcome GDPR. It’s the most robust privacy legislation in the world, and we will be engineering our products to meet these high standards,” she said.
She urged companies to get working towards GDPR as soon as they can, if they haven’t already done so. Organisations should start by understanding and documenting their current processes for handling data, and then line that up against the requirements to see where the gaps are.
Context and challenge
SureSkills CTO Kevin Reid provided some valuable context to GDPR, explaining how organisations need to significantly re-engineer their IT environments to accommodate the requirements of the new regulation. That will be a challenge as many organisations have traditionally retained data because they lack good controls to remove it.
There’s also been a historical split over the meaning of the term ‘data protection’: IT teams interpret it as backups and data recovery, but the business viewpoint is to think of it as holding data securely and in line with regulatory requirements.
To address this gap, he announced that SureSkills will shortly launch backup as a service that ensures data is protected for the appropriate length of time in the appropriate way with appropriate controls around it. The service uses the enterprise-class technology of Commvault’s platform and the onboarding process will address organisations’ needs to identify, organise and control the data they are backing up.
Complexity driving change
Nigel Tozer, Solutions Marketing Director EMEA at Commvault, echoed Rebecca Radloff’s comments by describing GDPR as “a good news story as well as the challenges”. He said the complexity of the new regulation will force “some of the biggest changes to your IT in a long time”.
He said GDPR is going to get harder, riskier and more expensive to manage, so there are benefits in moving to a place that makes these tasks simpler. Compliance becomes easier with less data but shrinking that data is not easy, Nigel said.
Discussing Commvault’s approach of ‘data protection by design’, he said it was possible to ensure ongoing confidentiality, integrity, availability and resilience. The challenge from a systems perspective was that the data centres, on-premise systems and software as a service that many organisations use all come with different backup and recovery models. This complexity hinders compliance and increases risk.
He argued that the preparation for GDPR will make organisations better off and more agile as a result.
GDPR and governance
Lanre Oluwatona, Data Protection Consultant with the Irish Computer Society, talked about the role of the Data Protection Officer in obtaining management buy-in. There’s a perception that data protection is an IT issue, but that’s wrong: it’s a management issue and it needs someone to champion the case at senior management or board level. “Under the new regulation, the term ‘risk’ is mentioned no less than 75 times. GDPR is all about governance,” Lanre added.
He said he was heartened that a number of organisations in Ireland have already begun to adopt the DPO role, although many others won’t know what hit them. “This is not something you can implement in one month, six months, not even one year,” he warned. “Will we see big fines? Yes, definitely,” he said. As he outlined a quarterly roadmap to prepare for GDPR between now and May 2018, he told the audience: “The moral of the story is, have a plan.”
A management issue
Brendan Gavin, Corporate, Commercial and Technology Senior Associate at law firm ByrneWallace, picked up on earlier remarks about GDPR. “Allocate responsibility and budget for data protection compliance. This is a management issue,” he said.
Organisations can spread awareness of GDPR through training, reviewing data protection policies and procedures, and keeping detailed checklists of processing records to show compliance. “You will need to ensure your IT systems are up to scratch,” he added.
Patrick Healy, Managing Director of CMS Distribution, attended the event and said the high turnout showed the importance of, and need for clarification on, how the regulation will affect companies. “People want to know what GDPR means for enterprises and how they manage and handle their data, from the personal H.R. data of their employees, through to data about their customers or third parties’ customers,” he said.
“It’s not solely an IT issue, although companies’ IT departments have a huge part to play in managing and organising the data that they have,” he added. The Commvault presentation hammered home the point, as it showed the importance of backup, recovery and archiving, and how even the simplest data gets duplicated as it finds its way through the IT infrastructure. “The realisation that one piece of data can exist in many different locations and with the move from on-premise to cloud storage, shows there are a lot of locations where data can be ‘hiding’. It’s the IT professionals’ job to make sure the data architecture is as smooth as possible. SureSkills are experts in assisting with that architecture,” he said.