Stricter data privacy laws to restrict the unobtrusive utilization of user data have been the focus of discussion in various forums for some time now. With the introduction of cloud storage where data is stored in multiple servers and locations by a hosting company the data security issue had become even more complex as it involves a third party for data protection. The entity which collects the data from users has no control over the data storage thus leaving it vulnerable for misuse.
It was in the wake of many such apprehensions that the European Union came up with more stringent data privacy laws to protect individual data. There have been many reactions to the introduction of these new data privacy laws.
Various professionals in the industry have reacted as given below. I am reproducing a few of them from websites for gauging the real impact of these laws on the ground. These statements give us some idea of how these laws will impact the industry as such.
Tony Pepper, CEO, Egress Technologies:
“This regulation is set to really shake things up forcing companies to scrutinize how they process and handle data. In particular, the ruling that they must report breaches ‘that are likely to harm individuals’ has the potential to expose a swathe of breaches that are currently being swept under the carpet – and the corresponding fines are likely to be keeping a few CFOs awake at night!
“Now that a decision has been made, boards across Europe need to immediately start planning and implementing the right processes, training and technologies to protect the entire life-cycle of their data so they’re prepared for when the regulation is enforced. We can see from previous breaches, that it is the small slip ups, caused by human error, that have been the most common and largely the most damning. These are the errors that, until now, some organisations have not necessarily had to confess to.
“The weakest link in the chain is your workforce and even with the best technology and will in the world, changing habits and getting user buy-in takes time – so you should start now. Matching security policy, with user training and education, alongside smart, user-intuitive technology is the only way forward.”
Nigel Hawthorn, chief European spokesperson, Skyhigh Networks:
“This is an early Christmas present and we welcome the GDPR text publication. Consumers are rightly concerned about their private information being lost by organisations and it’s great to have clarity on the regulations. Now enterprises and cloud service providers worldwide need to study them and ensure that their procedures and technology are in place to conform.”
Andy Herrington, Head of Cyber Professional Services, Enterprise & Cyber Security, UK & Ireland, Fujitsu:
“The news that new EU Data Protection regulations are likely to be agreed upon should be largely welcomed, as it will promote consistent data protection requirements in each country and a single reporting and compliance regime. The changes are intended to keep up with a shift in which more data is kept in the cloud and therefore managed by a third party away from the original business that collected it.
“According to research from Fujitsu, 80 per cent of IT decision makers believe more stringent data protection laws are needed in this data-driven world while nearly two thirds (61 per cent) welcome larger fines for data protection negligence and would like to see them introduced.
“This new EU Data Protection regulation will help businesses become more proactive with regards to their hosting and data storage strategies. It means that service providers will be able to fulfil their role as a data processor, protecting the information it handles and stores on behalf of its customers, who as owners of the data, remain the data controllers. The tougher fines and raised awareness should also drive a much better understanding in the C-suite, and wider business, of what data is held, its value to the business and the controls required to protect these valuable assets.”
I assume , there will be a positive effect on the securing of data by the companies as they will be taking the issue seriously to avoid penalizing. Many times the breaches happen due to human error. Companies also employ people who are not qualified in the field to handle the responsibilities.
These stringer laws are essential to curb the way things are going on now – as most of the existing laws on data protection only specify what to do after the data is breached rather than how to keep it safe in the first place.
It can be rest assured that by the time these new laws come into force there will be a paradigm shift in their outlook towards big data and its protection by the companies in the data business. This will definitely save a lot of heart burns of individual users in future who place their data in the hands of these companies.