Ronald van Loon

Impact of AI and 5G on the Possibilities of Data

Impact of AI and 5G This blog post was made in collaboration with Intel. A smarter world is now a possibility that is starting to sound real. Data sits at the center of this change, and data can be referred to as the oil that
/
App Direct CEO

How to Transform to Succeed in the Digital Economy

Succeed in the Digital Economy In today’s increasingly competitive business climate, companies must put digital technologies at the core of their operations. In order to avoid the same fate as companies like Sears or Yellow Cab, businesses must digitize -- from their internal processes to
/
Oussama El-Hilali

The New Kids On The Block: Data Protection Officers

Data Protection Officers

The General Data Protection Regulation (GDPR) is officially here. Yet, organizations are still unaware, are ignoring, or flat out didn’t build in enough time to make sure they met all mandates of this expansive and impactful regulation. One of the lesser well-known requirements is the emergence of a totally new role: The Data Protection Officer (DPO). Organizations are required to (in some capacity) have a DPO on board, but this can be easier said than done.

The right stuff: what to look for in a DPO

Data Protection Officer

The Data Protection Officer (DPO) is sure to be the hot new role for companies operating in the European Union (EU). This individual will be responsible for ensuring anonymity and maintaining the personal information (PI) collected by the company during routine marketing and business practices. The DPO will build and implement procedures for collecting, processing, and storing personal information within the GDPR compliance framework.

The responsibilities of the DPO may appear to be relatively straightforward, but that’s far from the case. The new position is an intricate one and requires dual knowledge of cybersecurity and legalities. That said, individuals that possess this unique skillset are going to be in high demand. So much so that the International Association of Privacy Professionals predicted there are 75,000 new GDPR vacancies around the world. The DPO must also keep up to speed with amendments to the regulation, especially within the first 6 months of its enforcement. This level of expertise will no doubt come with a high price tag, which could present challenges for midsize organizations with limited wiggle room in their budgets.

Keeping the neighborhood safe

Due to the high cost of such advanced expertise, many experts are predicting that we’ll see a rise in compliance-as-a-service models in which a DPO would instruct the IT teams of several companies. This could be a cost-effective solution for many organizations who don’t have the available budget or resources to bring on an in-house DPO. However, each company will still be responsible for its data, so they must approach this outsourced model carefully. It will also be important for enterprises to seek advice from their data protection providers, as they can advise on which technology can help maintain compliance continuously.

So, how should an organization work with both their DPO and data protection provider to make sure they remain in regulators’ good graces? IT leaders should seek guidance on:

  • Phasing out old IT architecture: Legacy systems are often oriented around individual data management, so they lack the necessary features to provide a GDPR solution. Finding and removing these systems will be very important.
  • Where to spend money on new tools: Currently, there isn’t one tool, solution, or service that can protect and maintain compliance for every single aspect of GDPR. That said, companies need to make sure they’re investing in an effective suite of tools that enable improved data governance.
  • Defining personal data: In the GDPR, the phrase “personal data” is loosely defined. It can include everything from emails and email addresses, to information gathered during routine marketing and business activities. Setting an organizational guidance on what classifies personal information will be key.
  • The importance of email archiving: More than 60 billion emails are generated each day, so the potential for a compliance violation is massive because of the amount of personal information exchanged in emails. If there is a subject access request (SAR), the systems administrator must be able to identify and remove emails if a user withdraws their consent. Establishing set processes for producing and maintaining activity logs will also be important, especially in the event of an audit.
  • Keeping tabs on data: When companies store data of EU citizens, it needs to be held in the EU unless the user has provided consent for it be stored elsewhere. Unless a company has a system in place for acquiring this consent, it’s not likely a user has allowed them to store their information in another part of the world. This will be tricky for organizations with storage centers in different continents, so it’s going to be very important to establish a process for understanding where user data is stored.

There are many aspects of GDPR that are subject to interpretation, so organizations need to listen to and implement the advice from both their DPO and their data protection providers. Working with both is the best way to assure continuous compliance, even as amendments are made to the regulation and the technology landscape continues to change.

By Oussama El-Hilali, VP of products at Arcserve

  • Articles
Oussama El-Hilali Contributor
CTO at Arcserve
Oussama has nearly 25 years of IT and R&D experience driving and achieving product strategy and roadmaps, acquisition of new technology, and developing strategic business partnerships in both Fortune 100 and emerging companies. At Arcserve, he is responsible for managing product development.
follow me
Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Cloud-Enabled Managed Hosting Provider We are all familiar with the old saying “That's like comparing apples to oranges” and though we learned this lesson during ...
As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use cases and applications. Hence, it’s ...
Michela Menting

Protecting Devices From Data Breach: Identity of Things (IDoT)

IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create ...
Gartner

Top Trends in Blockchain Technology; inching towards Web 3.0

/
There’s no shortage of news about mega digital commerce players controlling the algorithms that guide our daily actions and thoughts.  See Amazon Changed Search Algorithms in Ways to Boost its Own ...
Amazon logo

Amazon Expands Chicago Tech Hub and Announces Plans to Create 400 New Tech Jobs

/
Amazon to double its tech workforce in downtown Chicago Tomorrow, September 17th, Amazon will hold ‘Amazon Career Day’ event in Chicago for job seekers to learn more about the hundreds of open positions across Illinois—candidates can register ...
The Verge

Richard Stallman resigns from MIT over Epstein comments

/
Famed computer scientist Richard Stallman has resigned from his position at MIT over recent comments he made concerning Jeffrey Epstein’s victims. He has also resigned as president of the Free Software Foundation, an ...

TRENDING | TECH NEWS