GDPR – Don’t be afraid!

Posted on : 28-02-2017 | By : kerry.housley | In : Cyber Security, Data

Tags: , , , , , ,

0

GDPR comes into effect in May 2018. Type “GDPR” into LinkedIn and you will find a deluge of posts from “experts” offering advice as to how you need to act NOW! Fail to do so and your business will suffer catastrophic consequences.  Some commentators have made comparisons to the Millennium Bug which had consultants jumping over themselves to fix your Y2K problem!

It does seem that maybe we are somewhat being taken in by the FUD again. As organisations ring-fence budgets and on board their new, and often costly, experts I wonder if a lot of them are either frantically reading up or collectively thumb twiddling? (it would be interesting to track how many profiles have been updated to add it as a specialism…)

However, it is of course a serious thing. If we look behind the headlines, there is no doubt that there are some hard facts which make disturbing reading for any business. Take the Talk Talk data breach last year, and the implications of GDPR become clear. Talk Talk was fined a record amount of £400,000 by the Information Commissioner’s Office (ICO), but had the breach happened after May 2018 when the new GDPR rules apply then the fine would potentially have been 70 million euros (under GDPR rules fine is 20 million euros or 4% global annual turnover, whichever is greater).

Traditionally, the ICO has not been keen to impose large fines so the EU rules show a major change in this respect where business will be harshly punished should they fail to comply. Also, GDPR states that should a company suffer a data breach it must be reported in 72 hours.  This will be a tall order for many companies.  According a recent FireEye Report it takes an average of 146 days to discover a breach, and in many cases, it could be years. It took Yahoo 5 years to report a breach!

So, compulsory breach notification and onerous fines will have a significant impact on the business community and should not be taken lightly.

However, if we look behind the headlines, GDPR offers a great opportunity for businesses to review their information security strategy and close any gaps in systems and processes to protect data.

Irrespective of the legislation, clients are increasingly concerned about the security of their data. Any business that cares about its reputation and the needs of its clients and employees should be paying attention anyway to protecting its data. Data privacy and protection should be part of business as usual operations and not viewed as just another compliance requirement.

The first thing any company should do is find out exactly what data they hold and where it is stored.  You need to know how this data is used and who is using it. Processes must be in place to ensure easy access and the ability to delete when you no longer have the authority to retain it.

If you have any suppliers that use your data, then they too must comply. For companies with a large supply chain it is important to have systems and processes in place to manage the data risk. Having a supplier management system in place to manage this risk is essential.

In order to comply with Data Protection legislation, it is imperative that companies can demonstrate that they take data protection seriously and can show clearly the steps they take to safeguard that data. Having data protection policies and processes in place is a good start. Using a GDPR audit tool or a supplier management system are an effective way of demonstrating the steps you have taken whilst providing an audit trail which can be reviewed at any point in time.

Information security is an ever-moving target. It is not possible to guarantee breach prevention, but there are many ways in which the likelihood and impact can be significantly reduced.

If you would like a balanced view on the impacts of GDPR (without any doomsday predictions), the practical steps to be ready or discuss governance and tooling which can help, please contact us.

Are we addicted to “Digital”?

Posted on : 28-02-2017 | By : john.vincent | In : Cloud, Data, Innovation, IoT, Uncategorized

Tags: , , , , , , , ,

0

There’s no getting away from it. The speed of technology advancement is now a major factor in changing how we interact with the world around us. For the first time, it seems that innovation in technology is being applied across every industry to drive innovation, increase efficiency and open new market possibilities, whilst in our daily lives we rely more and more on a connected existence. This is seen in areas such as the increase in wearable tech and the Internet of Things.

But what is the impact on business and society of this technology revolution regarding human interaction?

Firstly, let’s get the “Digital” word out on the table. Like cloud before it, the industry seems to have adopted a label on which we can pin everything related to advancement in technology. Whilst technically relating to web, mobile, apps etc. it seems every organisation has a “digital agenda”, likely a Chief Digital Officer and often a whole department in which some sort of alchemy takes place to create digital “stuff”. Meanwhile, service providers and consultancies sharpen their marketing pencils to ensure we are all enticed by their “digital capabilities”. Did I miss the big analogue computing cut-over in the last few years?

What “digital” does do (I guess) is position the narrative away from just technology to a business led focus, which is a good thing.

So how is technology changing the way that we interact on a human level? Before we move on to the question of technology dependence, let’s look at some other applications.

Artificial Intelligence (AI) is a big theme today. We’ve discussed the growth of AI here before and the impact on future jobs. However, one of the areas relating social interaction which is interesting, is the development of emotionally intelligent AI software. This is most evident in call centres where some workers can now receive coaching from software in real-time which analyses their conversations with customers. During the call the software can recommend changes such as with style, pace, warning about the emotional state of the customer etc.

Clever stuff, and whilst replacing call centre agents with robots is still something that many predict is a way off (if at all) it does offer an insight into the way that humans and AI might interact in the future. By developing AI to understand mental states from facial expressions, vocal nuances, body posture and gesture software can make decisions such as adapting the way that navigational systems might work depending on the drivers mental condition (for example, lost or confused) or picking the right moment to sell something based on emotional state. The latter does, however, raise wider ethical issues.

So what about the increase in digital dependency and the social impacts? Anyone who has been in close proximity to “millennial gatherings” will have witnessed the sight of them sitting together, head bowed, thumbs moving at a speed akin to Bradley Coopers character in Limitless punctuated by the odd murmuring, comment or interjection. Seems once we drop in a bit of digital tech and a few apps we stifle the art of conversation.

In 2014 a programmer called Kevin Holesh developed an app called Moment which measures the time that a user is interacting with a screen (it doesn’t count time on phone calls). The results interesting, with 88% of those that downloaded the app using their phone for more than an hour a day, with the average being three hours. Indeed, over a 24 hour period, the average user checked their phone 39 times. By comparison, just 6 years earlier in 2008 (before the widespread use of smartphones) people spent just 18 minutes a day on their phone.

It’s the impact on students and the next generation that has raised a few alarm bells. Patricia Greenfield, distinguished professor of psychology and director of the UCLA Children’s Digital Media Center in a recent study found that college students felt closest (or “bonded”) to their friends when they discussed face to face and most distant from them when they text-messaged. However, the students still most often communicated by text.

“Being able to understand the feelings of other people is extremely important to society,” Greenfield said. “I think we can all see a reduction in that.”

Technology is changing everything about how we interact with each other, how we arrange our lives, what we eat, where and how we travel, how we find a partner, how we exercise etc… It is what makes up the rich fabric of the digitised society and will certainly continue to evolve at a pace. Humans, however, may be going the other way.