Four and still flawed? Reflections on GDPR

Earlier this month, the UK Government announced a new Data Reform Bill in the Queen’s speech. Whilst there are currently no certainties around what the bill will ultimately contain, many predict it will deviate significantly from the current legislation – based largely on the European Union’s GDPR.

GDPR, one of the strictest data privacy regulations in the world, was passed by the EU four years ago today to ensure the data protection of residents. With the legislation still leaving its mark, and change on the horizon, we spoke to eight business leaders to discover their reflections on the regulations, their tips for staying compliant, and what future regulations might mean for UK businesses.

Andy Swift, Technical Director of Offensive Security at Six Degrees, casts his mind back to when the legislation was first introduced and the reactions it generated. “Back in 2018 GDPR prompted significant discussion and self-reflection among organisations, but it’s fair to say its impact waned as the expected torrent of fines and penalties never really arrived. Like all data enforcement regulations, resourcing and governance for GDPR have been challenging – which has led to some complacency creeping in”.

He rationalises that “ultimately, GDPR is still very young. It has provided important awareness and structural guidance throughout its four years of existence, and I anticipate that its presence and impact will grow as non-compliance fines become more prevalent”.

Aims and achievements of the legislation

Jakub Lewandowski, Legal Director and Global Data Governance Officer at Commvault, breaks down the legislation and explains exactly what it changed. “GDPR and UK GDPR respectively introduced a lot of extremely useful concepts and mechanisms, most importantly they helped develop a common language to discuss privacy and data protection issues. As with any legislation with multiple stakeholders involved and affected, certain choices and priorities had to be made”.

The enforcement for full legislation was met with mixed reactions. However, Kevin Kelly, Vice President & General Manager, Global Compliance Solutions at Skillsoft, highlights the successes. He argues that it “has prompted significant improvements in the governance, monitoring, awareness, and strategic decision-making regarding the use of consumer data”.

He furthers: “one of the ideas behind GDPR was to assure consumers that their data will not fall into the wrong hands. For the most part, consumer data and privacy is now considered a top priority by leading companies”.

Ensuring full compliance

Regardless of any upcoming changes, businesses need to ensure they are GDPR compliant, which means they must follow the current data protection regulations. Kris Lahiri, Co-Founder and Chief Security Officer at Egnyte, expands on how to do this, “as data privacy requirements continue to increase across the world, it’s imperative that organisations have total visibility into their regulated and sensitive data. By establishing effective data governance programs that can evolve with rapidly-changing requirements – in addition to ongoing cybersecurity awareness training – businesses can stay on top of regulations, as well as potential threats like ransomware”.

Phil Dunlop, VP EMEA at Progress, also gives his tips: “centralised, tamper-evident audit logging ensures data can be trusted for accuracy. Securing personal data against internal and external threats, loss or damage is also critical, therefore automatic file integrity checking can validate that a file has not been altered. Having a robust GDPR-compliant framework in place will extend your cyber security practices, boosting customer trust and loyalty. By using customer information effectively, an organisation can make better business decisions and ensure a better return on tech investments”.

Learning from the past as we look to the future

Despite the achievements of the bill, the fact remains that many people feel it left much to be desired.

Michael Queenan, CEO and Co-Founder at Nephos Technologies, states that even now “our personal data is anything but personal. Currently, the large corporations and government institutions that collect our personal data are responsible for using and selling it. Although GDPR introduced rules on how such organisations should handle and protect this data, it arguably did not go far enough as it does not specify exactly what businesses can and cannot do with their customers’ personal information. For individuals, therefore, there is a huge loss of control over their data”.

Looking to the future, Donnie MacColl, Director of EMEA Technical Services at HelpSystems, believes that the new legislation planned by the government “is more of a statement of intent rather than policies that are set in stone. It remains to be seen how the government will move forward as further detail emerges”.

He continues: “concerns have been raised that organisations won’t be able to use personal data to optimise the sales process. While this is likely to become more challenging, there is a strong argument to say that, like GDPR, the emphasis must remain on keeping personal data more secure. The Bill seeks to strike a balance between data protection and the ease of doing business and that is to be welcomed”.

Richard Orange, Vice President EMEA at Exabeam, agrees that the direction of the new Data Reform Bill isn’t as clear as it will need to be, as he concludes: “At the moment we are in the very early stages of this process and there is a lot of speculation over what the logistics of what the next few months may look like. However, we do know that it will be important to be able to regulate data sovereignty from country to country, as this may become a challenge. Regions across the UK will need to find commonality and work cohesively for any reforms to be effective”.

Industry Experts

Top Business Tech spoke to experts from Six Degrees, Commvault, Skillsoft, Egnyte, Progress, Nephos Technologies, Helpsystems and Exabeam.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...