data-big

Business booms for privacy experts as landmark data law looms

Data Law Looms

SAN FRANCISCO (Reuters) – Business is booming for software and privacy experts as companies across the globe spend millions of dollars to comply with a landmark European data protection law, even as many uncertainties remain about how the rules will be enforced.

The General Data Protection Regulation (GDPR), which goes into effect in May, is the biggest shake-up of personal data privacy rules since the birth of the internet. It is intended to give European citizens more control over their online information and applies to all companies that do business with Europeans.

The industries most deeply affected will be those that collect large amounts of customer data and include technology companies, retailers, healthcare providers, insurers and banks.

The law has a slew of technically complex requirements, and threatens fines of as much as 4 percent of a company’s annual revenue for those who fail to comply. Companies must be able to provide European customers with a copy of their personal data and under some circumstances delete it at their behest. They will also be required to report data breaches within 72 hours.

The cottage industry that’s developed around GDPR includes lawyers who advise on compliance, cyber security consultants, and software developers that help firms conduct painstaking inventories of vast amounts of data to identify and index information so it can be made available to Europeans at their request.

New York legal services firm Axiom, for example, told Reuters it had more than 200 data privacy lawyers working on GDPR projects – about a sixth of all its lawyers.

It said it would hire over 100 more staff this year to deal with GDPR and also create training programs so that more of its lawyers would be qualified to work on those types of projects.

Wim Remes, a cyber security consultant in Brussels, said he was fielding about a dozen GDPR-related calls per week. His clients are based in Europe and the Americas and include retailers and technology firms.

He said American companies had been slower off the mark to respond to GDPR than their European counterparts and were now scrambling to catch up. “In the last two or three months, the demand has mostly been from U.S. organizations,” he added.

COMPANIES SPEND MILLIONS

The costs are substantial: among 300 big companies in the process of becoming GDPR compliant, 40 percent said they had spent more than $10 million, and 88 percent said they had spent more than $1 million, according to a PwC survey of American, British and Japanese executives published in September.

“People really aren’t picking up the phone for less than $1.5 million to $2 million,” Gant Redmon, program director of cyber security and privacy at IBM Resilient, said of legal and software consultancy firms advising on GDPR.

The work will not end on May 25, when GDPR kicks in, as companies will be required to provide regular data audits for EU authorities to prove they are compliant. Companies that handle especially sensitive information will have to hire a data protection officer.

Lingesh Palaniappan, CEO of Grit Software Systems, described the work he’s doing on GDPR compliance for a mid-sized software company as a grueling manual process.

His staff has to go through every software application and database and record details such as the exact type of data they contain – whether it be names and addresses, or more personal information like medical records – and who has access to it. The team builds charts to keep top management informed on how far along the company is in its GDPR compliance process.

“Currently, we are literally taking an Excel sheet, going to the (clients’) teams, filling out the data and then consolidating the data into another Excel sheet,” said Palaniappan, who left Microsoft Corp last year.

The aim is to make personally identifiable data easily available, so these companies can provide copies of the information to customers who request them, or to erase the data when required.

The big worry is that, due to the manual nature of the work, errors that could make companies non-compliant could creep in, added Palaniappan.

“We’re always worried – did we miss anything? Are there any datasets that no one is aware of that we’re still using? That’s a concern.”

‘EVERYONE IS SCRAMBLING’

Still, it’s unclear just how strictly GDPR, which EU nations adopted in 2016, will be enforced at the start.

Many observers expect regulators to take a forgiving approach and give companies time to get their systems in order, reserving harsh penalties for large firms that egregiously fail to comply.

Some also warn that companies need to be careful in their rush to comply with the new rules.

“Everyone is claiming now to be a GDPR expert because they can see that there is very strong demand and everyone is scrambling,” said Paul Lanois, an attorney with a large publicly traded international bank in Europe, adding that he checks consultants’ resumes for experience dealing with European regulators before bringing them on board.

“You have to vet them otherwise you get any Tom, Dick or Harry saying they’re a GDPR expert,” Lanois said.

Once data is properly classified, there is then a great deal of interpretation involved in how the company is required to handle it. The text of the law is replete with words like “reasonable”; one requirement, for example, says that companies take “every reasonable step … to ensure that personal data which are inaccurate are rectified”.

Those steps, however, are not defined. That’s where the lawyers come in.

There is little consensus on whether most companies will be ready by May. Among firms that have begun preparing for GDPR, 78 percent say they are confident they will be fully compliant by the deadline, according to a survey by Microsoft late last year.

But Gartner, the research firm, has a less optimistic forecast, predicting less than half of all companies affected by GDPR will not be in full compliance by the end of 2018.

Lanois said there was an “overwhelming amount” of companies that were completely unprepared for the new regulations.

”They’ve just noticed GDPR and are now freaking out,“ he added. ”Those who are already fully compliant, and there’s a few of them, those are the lucky few.”

Article Source: Reuters

CloudBuzz

The latest in curated technology related news collected from many of the leading news distribution, industry research and technology vendor firms on the planet.

Here you will find recent news sources from companies such as Reuters, Marketwired, IDC, Gartner or directly from cloud vendors such as Google, Microsoft or Amazon.

Cloudification - Budgets are Shifting Toward a “Cloud-first” and “Cloud-only” Approach

Cloudification – Budgets are Shifting Toward a “Cloud-first” and “Cloud-only” Approach

Cloudification and the Budget Shift Gartner has recently predicted that by 2020, a corporate "no-cloud" policy will be as rare as a "no-internet" policy is today. CIOs will increasingly leverage a multitude of cloud computing ...
As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use cases and applications. Hence, it’s not surprising that of the Fortune 50 enterprises, 48 have ...
RSA Conference: FUD-free or filled?

RSA Conference: FUD-free or filled?

IoT 15 Billion Units By 2021 At the annual RSA conference, there were plenty of discussions and presentations on the evolving cybersecurity threat landscape, including application security issues, the internet of things (IoT) and data ...
Using Cloud Analytics To Improve Customer Experience

Using Cloud Analytics To Improve Customer Experience

Evolution of Cloud Analytics Moving data to the cloud, once considered a strenuous task, has now become commonplace in most industries. Originally, this migration started as organizations looked to speed up the time needed to ...
Machine Learning Explained: Understanding Supervised, Unsupervised, and Reinforcement Learning

Machine Learning Explained: Understanding Supervised, Unsupervised, and Reinforcement Learning

Machine Learning Explained Once we start delving into the concepts behind Artificial Intelligence (AI) and Machine Learning (ML), we come across copious amounts of jargon related to this field of study. Understanding this jargon and ...

CLOUDBUZZ NEWS

Rackspace Launches Kubernetes-as-a-Service with Fully Managed Operations

Rackspace Launches Kubernetes-as-a-Service with Fully Managed Operations

SAN ANTONIO – May 16, 2018 – Rackspace today announced Rackspace Kubernetes-as-a-Service, a highly-available managed service that transforms the way enterprises can utilize new container technologies, accelerating their digital transformation. Rackspace is focused on delivering true transformation ...
Facebook suspends 200 apps over data misuse investigation

Facebook suspends 200 apps over data misuse investigation

(Reuters) - Facebook Inc has so far suspended around 200 apps in the first stage of its review into apps that had access to large quantities of user data, in a response to a scandal ...
Worldwide Services Revenue Posts Steady Year-Over-Year Growth in the Second Half of 2017, According to IDC

Worldwide Services Revenue Posts Steady Year-Over-Year Growth in the Second Half of 2017, According to IDC

FRAMINGHAM, Mass. May 15, 2018 – Worldwide revenues for IT Services and Business Services totaled $502 billion in the second half of 2017 (2H17), an increase of 3.6% year over year (in constant currency), according to ...
The Lighter Side Of The Cloud - Checking It Twice
The Lighter Side Of The Cloud - The Robo-Revolution
The Lighter Side Of The Cloud - Turmoil
The Lighter Side Of The Cloud - The Backup Reminder
The Lighter Side Of The Cloud - Easter Egg Hunt
The Lighter Side Of The Cloud - Recovery Experts
The Lighter Side Of The Cloud - Low Tech
Star Wars IoT CES
The Lighter Side Of The Cloud - Techwear