- Formalises the steps companies must take to safeguard customer and enterprise data
- Applicability of GDPR is determined based on the markets in which a company operates
The 21st century has seen a rapid rise of new technologies and digitalisation, resulting in the creation of a digital economy - with data being lauded as the new oil of our generation.
While the wealth of data offers governments and businesses access to an unprecedented amount of information about consumers and citizens, this has also resulted in the rise of privacy and security challenges in today’s data-rich generation.
The European Union’s (EU) impending new General Data Protection Regulation (GDPR) is a key piece of legislation that aims to tackle these data privacy and security challenges by bringing rules into force that formalise the steps companies must take to safeguard customer and enterprise data.
Moreover, the applicability of GDPR is not determined based on the registered headquarters of the company, but rather the markets in which it operates.
So how are companies faring? According to a study commissioned by Veritas, many companies believe that they are already covering the requirements of the GDPR, with 31% declaring that their own organisations have long fulfilled the key provisions in the regulation. However, upon further questioning, only 2% were in fact prepared for the GDPR.
Risks, challenges and opportunities involving the GDPR
With the GDPR looming, businesses in Asia that deal with the EU run the risk of non-compliance, which could inadvertently harm their businesses.
The EU is Asean’s second-largest trading partner, accounting for about 13% of Asean's trade, and by far the largest investor in Asean countries. Thus, it is crucial for businesses in the region to ensure that they are GDPR ready.
While many companies understand the severe repercussions of not being in compliance with the GDPR, they often underestimate how broadly it reaches and how complex it can be to manage.
Moreover, the multitude of data communication channels in use today makes it even harder for companies to maintain compliance and ensure all channels are covered.
Companies now have a variety of communication tools from social media and messaging apps to business-oriented collaboration software for the purpose of communicating with customers, colleagues and partners.
However, constantly switching between different communication platforms leads to data being fragmented and stored in different locations.
One potential challenge that companies may face is that if they receive a request under the GDPR to retrieve or delete data, they have to ensure that access to the data remains seamless.
On top of this, companies have to ensure that the stored data is always secured, processed in accordance with the standards outlined in the GDPR, accurate and up-to-date.
Companies may often be using communication tools and services that are not GDPR compliant, putting themselves at risk of incurring hefty fines of up to 20 million Euros (RM96.13 million) or 4% of the company’s global annual turnover - a cost that makes the GDPR impossible to ignore. One of the best ways to mitigate such risks is for companies to adopt appropriate policies and processes that are backed up with technology to enforce them.
Companies can begin identifying and deploying enterprise communications solutions that meet all the requirements of the GDPR to demonstrate compliance.
Email, for example, remains the most ubiquitous form of communication amongst businesses. With the number of email users worldwide expected to reach 2.9 billion by 2019, it is paramount for businesses to ensure that their email communication is GDPR ready.
Email security has always been a pain point for the majority of companies, especially since this communication channel is used to exchange sensitive data, making it a prime target for cyber-attacks.
It has been found that 91% of email-related data breaches are a result of poor practices by staff, who often send confidential documents by email without encryption.
By deploying a secure, GDPR-compliant email service, companies can avoid compliance issues while remaining safe from data breaches.
As companies start implementing the necessary changes to the way data is processed and ensuring that their communications infrastructure is GDPR ready, they will undoubtedly become better prepared for similarly styled legislation in the future.
This compliance and improved levels of readiness ensure that companies will be able to continue their journeys towards digital business and IT transformation, while generating trust and brand loyalty amongst their customers.
Oliver Prevrhal is the managing director at Retarus Asia.