Data privacy is one of the hottest topics in all industries globally. Understanding the critical due diligence from a data privacy and sovereignty perspective will help mitigate risk.
Privacy is not a security issue
Today, we face different and more complicated challenges than ever before regarding data privacy. Privacy is not a matter of security. Privacy concerns the contents of data (personal data) and its storage, transfer, access and processing methodologies. Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose.
In this day and age, tech disruption creates new business models that require an even more profound use of data, leading to increased transfer of vast amounts of personal information across borders. GDPR and other data protection laws are being implemented to protect data from misuse and to respect the rights of the data owners. The rules are strict, but data privacy shows itself to be a wheel with many spokes.
The new currency
Data is currency, and the sense of urgency surrounding this is obvious: worldwide regulations develop fast, and data leaks easily end up in the eye of a (social) media storm, causing heightened concern about privacy risk. The sanctions of the GDPR (4% of global annual revenue) will even hurt giants like Google, Apple and Microsoft. Times will change to the benefit of privacy for the individual, but conflicting data protection rules per country cause a bottleneck for business.
Challenges are plenty
Global restrictions, data location, volume from unknown sources, lack of transparency, and liability and accountability are blurring the outlook on a good data privacy and sovereignty strategy. LeaseWeb and NetApp discussed these and other issues across the spectrum of data and cloud over dinner with Dutch CIOs in Amsterdam.
It was apparent that the difference between privacy and security in daily practice still needs clarifying: security is a protective base, while privacy concerns the data itself as content, carrying sensitive information about business, processes and people, and nowadays fenced in by strict policies. CIOs are clearly challenged by new rules and regulations on privacy in the cloud, from global restrictions to jurisdiction, and from cross-border data flow to data breach remediation and contingency plans.
Pluriformity of data needs privacy by design
Mrs. Sheila M. FitzPatrick, Worldwide Data Governance & Privacy Counsel and Chief Privacy Officer of NetApp, discussed privacy by design as a plausible solution to start from at a CIO Roundtable dinner on November 17th in the Netherlands.
“You will be forced to look at your data, as its pluriformity makes it so complex. It will take a structured approach in which you have to ask yourself multiple questions and take (a few very well to manage) steps that will take you further in the quest for good data privacy. Ask yourself what your risk profile is. Simply stated: if you don’t need the data, just don’t collect it. Next to that (be honest to your customers) you will need to address your legacy systems and state that you are in an inventory process to avoid data becoming harmful. Make sure you have a DPO (Data Privacy Officer) in the company, internal or external, to deal with legal compliance, and set up a plan of what data could or should live in the cloud. Next to that, make sure to have vetted trustees and providers on board and have a clear portfolio of explicit policies and procedures in place.
A valid guideline for all involved in data privacy, to operate smoothly on the intersection of technology, trusts, the law and tech: face the challenge with the understanding of all requirements.