Head of Enterprise Cyber Security Operations
Many people will roll their eyes at the arrival of GDPR, seeing it as the latest piece of red tape coming out of Brussels, resulting in a brake on innovation and immersing commerce in yet more bureaucratic treacle. I beg to differ: GDPR will help us all.
Although businesses are right not to underestimate the complexity of becoming compliant, GDPR actually represents a positive step by the European Union to protect the rights of its citizens, something that is sadly lacking in other regions of the world. With the globe becoming ever more interconnected and technology advances allowing a whole new level of data gathering and analysis, Personally Identifiable Information (PII) is increasingly being viewed as a valuable asset - to be traded for both positive as well as negative purposes.
Regulators need to step up to the PII challenge, and Europe is leading the charge. Now it is time for businesses to step up and acknowledge the duty of care they have for the PII data they hold on employees, customers and partners. This responsibility is not a tax that must be paid, or an overhead to be suffered, it is a fundamental responsibility for any organisation. In the same way that a bank has a solemn responsibility to keep our money safe, businesses must feel the same sense of duty to keep our identities and PII safe and secure.
While GDPR is a great start, our regulators need to step up again. I would like to see regulatory bodies combine to create a Global GDPR framework which can effectively take on the ever more globalised world of data. As we struggle to protect ourselves within our national or regional boundaries, our data is already traversing the globe, especially as businesses change the way they operate and become increasingly borderless. GDPR is global in the sense that all entities wishing to trade with European citizens must comply regardless of their physical location. However, if the Americas and Asia were to adopt a matching policy, it would offer a truly global platform to secure our PII data, enabling our regulatory authorities to meet a globalised threat with a unified global response.
If we are to fully exploit the incredible opportunities of technologies such as the Cloud, IoT and artificial intelligence, we need a global framework in which we can work. Acting regionally to contain a global phenomenon is doomed to failure. So we all lose.
We need a partnership between regional regulators to build a truly global regulatory environment in which we can all work. Businesses must also step up and truly internalise their responsibilities to secure our PII data. The combination of these endeavours will offer us all the protection we need such that we can safely exploit the incredible opportunities that technology offers us.
Visit www.vodafone.com/business/security to read more on GDPR from Jonathan Hughes.
Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security insights, you can find us on Twitter and LinkedIn.