Data protection and adhering to GDPR

How important are GDPR and a data protection framework?

Every organisation must be committed to the security of its data. It is therefore important to have a positive data protection framework to address the security issues the organisation might be exposed to. Within this framework, the following are imperative: understanding the data you are protecting, data breach reporting, data risk assessments, compliance with the General Data Protection Regulation (GDPR) and a data protection team.

GDPR is the law that governs the collection and processing of personal data for all organisations processing and holding the personal data of European Union residents, regardless of the company’s location. It is important to comply because penalties and fines are imposed on organisations for data breaches. The Protection of Personal Information Act (POPIA) is another data protection law, which promotes personal data protection for South African citizens and businesses.

The requirements for GDPR are as follows: 

  • Consent of subjects for data processing 
  • Anonymise collected data in order to protect privacy
  • Provide notifications when there is a data breach
  • Safely handle the transfer of data across all borders 
  • Appoint a data protection consultant to oversee GDPR compliance (this applies to certain organisations)

Big data has become a great asset for many companies, providing improved operations and new business opportunities. However, big data challenges include capturing data, data storage, data analysis, search, sharing, transfer, visualisation, querying, data source and data protection. The volume, variety and increasing velocity of big data also make it more vulnerable.

Data protection must involve solutions that are proactive, not reactive, and preventative, not curative. Implementing a smart data protection solution involves techniques such as data protection and classification (for instance, Azure Information Protection, which helps organisations classify and optionally protect their documents and emails by applying labels).

It is also vital to use vulnerability scans and risk assessments; we should be proactive in monitoring and alerting on data. Other foundational techniques involve encryption, granular access controls, compliance reporting, auditing and other advanced data security analytics. 

The Internet of Things (IoT) acts as an ecosystem by collecting and sharing information through IoT devices and sensors. These devices potentially expose sensitive data, so organisations must understand how they protect the data that these devices store and send, including personally identifiable information.

The National Institute of Standards and Technology (NIST) has recently released a report, "Core Cybersecurity Feature Baseline for Securable IoT Devices", in which it addresses IoT devices and how they differ from conventional devices in the following way:

IoT devices interact with the intention of bringing an output based on collected data and continuous improvement into the ecosystem:

  • One cannot directly access, manage and monitor the IoT device because of a lack of transparency in device features and interfaces
  • Most IoT capabilities are pre-configured before being used. This makes it much harder than with conventional IT devices to maintain IoT devices' capabilities, efficiency and effectiveness in mitigating cybersecurity risks, for example by protecting data at rest.

Currently, there are solutions available to help secure and protect IoT devices.

Get in touch with us for a data protection framework that addresses your organisational security concerns. 
