It has been a tough few years for data regulation, and companies are facing scrutiny over their handling of user insights.
The 2018 European General Data Protection Regulation (GDPR) set the wheels in motion for ever-tightening measures. 2020’s Schrems II judgement further limited the use of data by businesses, prompting many organisations to re-think their mechanisms for transferring data and prioritise compliance against harsher EU laws. Similarly, the highly publicised Facebook-Cambridge Analytica scandal, which exposed the misappropriation of users’ personal information for political purposes, captured public interest in the data regulation discourse.
There’s definitely a far tougher enforcement regime now … the tolerance for breaches or slips is almost zero
Alasdair Anderson, vice president and general manager for Europe, the Middle East and Africa at Protegrity, says: “While consumers are growing increasingly concerned about their privacy, their demand for highly personalised services – which by definition require the use of their personal data – is skyrocketing. Businesses must figure out how to tread this fine line.”
“Anyone who’s ever purchased a car will understand this,” explains Anderson. “While you probably don’t want your contact details sold to third-party advertisers, you definitely want a simple, seamless purchase experience, which means that everyone from the car manufacturer to the bank to the insurance company needs to collaborate and share what they know about you so you can drive off the lot that same day.”
In reality, businesses that understand how to securely and responsibly utilise data will not only deliver better experiences for their customers but will also drive innovation, competitive advantage, and growth in the marketplace.
Decoding dangers
It’s not just the risk of breaching the law that causes some corporate leaders to think twice before embracing data and its power to drive business change. According to Check Point Research, the average organisation worldwide fields more than 1,130 attempted cyberattacks per week. This rise in cyber attacks means that businesses are increasingly concerned about collecting large swathes of customer data that could be at risk.
The way businesses approach sensitive information is evolving, says Anderson. “It’s now a nexus between digital and data,” he says. “Companies are really spending a lot of time trying to get the digital experience right.”
Striking a balance is hard, Anderson admits. Driving business growth while carefully toeing regulatory lines is challenging. “It’s sort of the immovable object meets the unstoppable force,” says Anderson. Everyday users have become more conscious of the information they surrender to big tech companies and how their data can be misused.
“People think the social media giants of the world, like the Facebooks, are a bit creepy,” he says. This scepticism means companies must do substantial due diligence around the appropriate use of digital data. “Do you have the right to use this data for this purpose?”
Regulators have peered through the looking glass and have lost patience with businesses. “There’s definitely a far tougher enforcement regime now,” says Anderson. “We’re seeing that across all industries … the tolerance for breaches or slips is almost zero. You must be a safe custodian of data, but you also must act in a trusted advisor role, where consumers expect you to understand who they are, what they need, and how to keep them safe,” he says.
Finding solutions
Enterprise data protection policies that follow the data wherever it’s used help businesses take advantage of sensitive data to improve advanced analytics, machine learning, and AI without putting intellectual property or the personal information of customers and employees at risk.
“At first, it might sound strange to think of data as travelling, but this is a very important concept in data security and privacy and is critical to delivering a positive customer experience,” explains Anderson. “Think about what’s required when a person travels internationally. Their personal information is needed for airline reservation systems and loyalty programs, at immigration or when they use a credit card. Their data travels across country and legal entity borders, but also technology systems and cloud architectures.”
It’s not just individual businesses that can benefit from this data: trusted third parties working with businesses can, too. An analytics vendor working with an organisation could be granted access to a protected dataset in a way that doesn’t allow them to view the data but does utilise it to improve algorithms, driving better business results. It’s an approach that improves the third-party provider’s ability to offer data solutions to the business, as well as the business and its ability to provide better service to customers.
“Zero trust principles” are more important than ever in a hybrid and remote work world. They ensure data is protected at rest, in motion, and in use and is only reidentified by an authorised viewer just in time to complete their task. Businesses that fully deployed zero trust security models lost up to 42% less in data breach costs last year. It’s also a way of ensuring the business stays compliant with the spider’s web of global data regulations without falling foul of cross-border issues.
Staying competitive
While compliance is essential, too much risk aversion within a business can put a brake on innovation. Corporate leaders may feel like they need to avoid pitfalls rather than enter into new areas, leading to increasingly conservative decision-making. Both real and perceived threats can have a profound influence on the way data is used and controlled. But this emphasis on playing it safe has the potential to obscure new opportunities.
Equipping data teams with the right systems to push forward while protecting data and remaining transparent is essential. As new data privacy regulations emerge, data protection solutions must extend protection wherever data travels – across IT platforms, clouds, regional borders, and beyond. Protegrity has developed data protection tools that enable businesses to make informed, real-time decisions based on insights derived from their data. It acts as the central component of an in-depth cybersecurity strategy, supporting compliance and innovation in tandem.
“The biggest factor is the competitive environment companies find themselves in,” says Anderson. “Whereas in the past you’d have multiple attempts at getting it right, now you really only have one chance to make a first impression, to make people want to come back, That’s all driven through how you understand your customer – and that requires a deep analysis of data.”
Organisations that can unleash the potential of their data will steam ahead in the coming years. Consumers are the ones driving the change, which in turn creates great opportunities for those businesses that can innovate. Businesses must become more flexible with their data to drive transformation – not just to survive in the face of stiff competition, but to thrive.
For more information, visit protegrity.com
It has been a tough few years for data regulation, and companies are facing scrutiny over their handling of user insights.
The 2018 European General Data Protection Regulation (GDPR) set the wheels in motion for ever-tightening measures. 2020’s Schrems II judgement further limited the use of data by businesses, prompting many organisations to re-think their mechanisms for transferring data and prioritise compliance against harsher EU laws. Similarly, the highly publicised Facebook-Cambridge Analytica scandal, which exposed the misappropriation of users’ personal information for political purposes, captured public interest in the data regulation discourse.
There’s definitely a far tougher enforcement regime now … the tolerance for breaches or slips is almost zero
