The General Data Protection Regulations (GDPR) came into force on May 25, 2018. A year later, what has been its impact and has our data become more secure as a result? There is still much to do, says Colin Tankard, Managing Director of data security company Digital Pathways.
“I’m not sure we are any safer now than before. This time last year, companies were in a frenzy, rushing to get all the relevant documentation in order so that their policies and statements, required by the new legislation, were in place.
“All of us, I’m sure, were bombarded with opt-in requests, allowing businesses to continue to send us marketing information etc.
“However, whilst tidying up these processes can be seen as a positive step, it feels to me as if it was purely a tick box exercise. Little seems to have been done to actually protect data, which is borne out by the number of public breach declarations we have seen. If the data had been adequately secured, by the use of encryption, such breaches would not have been required to become public; a notification to the ICO would have been all that was needed to be done.
“As a result of GDPR, the number of Subject Access Requests (SARs) has dramatically risen. Many organisations are struggling to know exactly where their PII data is or how it is stored and protected. Whilst there are systems to deal with this, companies don’t seem to have signed up to them.
“Cloud storage may also present a problem. Whilst players such as Microsoft and Google tell us they are GDPR compliant, I wonder how any company, using these services, can say that they are compliant in the event of any breach, as there are few tools which allow the analysing of logs, to trace how the breach occurred. Whilst most companies have indeed tightened their policies, to comply with the GDPR, it is my feeling that few have considered how they will enforce these policies or have put in place technology to enable the easy compliance with data requests.”