24 December 2018

2018 will be remembered for GDPR impact

In 2018, all of us got used to giving privacy permissions on our apps, subscriptions and websites, thanks to the General Data Protection Regulation (GDPR). Although the GDPR affects residents of the European Union (EU), penalties still apply to companies doing business outside the EU, so long as EU residents are involved. This has made the GDPR a global concern rather than just a European one.

Several vendors have highlighted the impact that GDPR has had:

Source: Sage. Arlene Wherrett.
Arlene Wherrett, VP and MD, Sage Asia said, “The GDPR perhaps had the biggest impact on businesses this year. With the new GDPR requirements on data privacy, businesses can no longer leave the security and privacy of their customers’ data on the back-burner. GDPR is also timely in providing an opportunity for businesses to audit their own data management and operational processes. This provides them with a chance to weed out system inefficiencies allowing them to put in place a foundation for greater success in the new data-driven business landscape.”

“The value of consumer consent will also continue to be a key focus area in 2019. We will see an increasing emphasis on regulations to protect consumer data, ensuring businesses are extracting and using information transparently and securely. Businesses and industries will need to keep up with data security measures, while still enabling meaningful consumer experiences,” said Experian Asia Pacific's CEO Ben Elliott.

Privacy by design
Source: Micro Focus. Stephen McNulty.

“2018 revealed the importance of consumer privacy and data protection, with the implementation of regulations such as the GDPR bringing 'privacy by design' to the fore. As numerous data breach incidents have shown, organisations must have a complete overview of the data collection processes – what is being collected, how it is being utilised, stored and encrypted – or risk bearing the brunt of losing stakeholders’ trust,” noted Stephen McNulty, President, Asia Pacific and Japan, Micro Focus.

“Consistent data security should be centrally managed, so developers will not have to worry about policy and can get on with advancing the business with innovation and insight. 2019 will be the year where businesses will shift towards data-level security solutions such as analytics and machine learning – coupled with a unified, uncompromising approach towards implementing such solutions as part of the core business and consumer engagement strategy,” he said.

Source: Cloudera. Mark Micallef.
McNulty explained that developers today typically do not have time to think about risks, “hence data-security and privacy controls should be built and embedded into their systems by default, rather than added as an afterthought”.

Figuring out privacy in the cloud

The cloud brings complexity in complying with regulations like GDPR, added Mark Micallef, VP, Asia Pacific and Japan, Cloudera.

“Despite its benefits, cloud presents two major challenges to organisations: it increases the possibility of data leaks, and makes it difficult to determine the applicable privacy law as it is not always clear where data in the cloud is physically stored.

Source: Symantec. Steve Trilling.
"With the EU General Data Protection Regulation being enforced in May this year, it is now important for organisations to ensure that the cloud services they use are compliant and that the systems and applications they design do not expose risk,” Micallef said.

“Although the GDPR isn’t a global regulation, it also affects organisations located outside of Europe as long as they collect and store personal data of European citizens. Already, Cloudera customers and organisations that would not be subject to GDPR are taking it as their starting point for their own personal data privacy and protection guidelines. This is in addition to their efforts to comply with their country-specific privacy regulations such as Singapore’s Personal Data Protection Act and Australia’s Privacy Act 1998," Micallef observed.

“Expanding GDPR to become a global regulation is certainly a potential further evolution. For it to become a truly global regulation though, it will first need to prove its worth in its current form; once that has progressed well and has proven workable, the chances of it influencing international practice will be much higher.”

Source: Symantec. Hugh Thompson.
More privacy-related regulations to come

“The European Union’s mid-2018 implementation of the GDPR will likely prove to be just a precursor to various security and privacy initiatives in countries outside the European Union... Australia and Singapore have enacted a 72-hour breach notice inspired by the GDPR, and India is considering GDPR-inspired legislation. Multiple other countries across the globe have adequacy or are negotiating GDPR adequacy,” said Hugh Thompson, Symantec's CTO and Steve Trilling, Senior VP and GM, Security Analytics and Research at Symantec.

“While we are almost certain to see upticks in legislative and regulatory actions to address security and privacy needs, there is a potential for some requirements to prove more counterproductive than helpful. For example, overly broad regulations might prohibit security companies from sharing even generic information in their efforts to identify and counter attacks. If poorly conceived, security and privacy regulations could create new vulnerabilities even as they close others.”

Source: Experian. Ben Elliott.
“2018 was all about GDPR and the ramifications this change in European data regulations would have on how organisations conducted business globally. In 2019, privacy will continue to be an area of focus for the global market, as new regulations such as e-privacy start to be fleshed out and additional regions such as the US look to implement their own data privacy laws, all of which could have global financial impact," predicted Laurence Pitt, Global Security Strategy Director, Juniper Networks and Mounir Hahad, Head of Juniper Threat Labs, Juniper Networks.
 
"2019 will also be the year that many large non-European players will come to grips with the ramifications of GDPR as it is put into practice.”

Source: Juniper Networks. Laurence Pitt.
Wherrett said that other legislative changes have affected businesses in 2018, adding to the responsibilities of CFOs and accounting departments.

“For example, new taxation laws like the Sales and Services Tax (SST) in Malaysia and the new Goods and Services Tax (GST) in India can pose significant challenges for businesses operating in these markets.

"For CFOs and accounting practice partners, this means reviewing financial projections as well as implementing new practices to incorporate the regulatory changes. Moreover, many finance professionals will also need to manage these regulatory changes while going through a role transformation as their organisations continue to adapt to digitalisation," she said.