Data is only half the GDPR story, watch your software like a hawk

Apprehension around the General Data Protection Regulation (GDPR) has been focused on the best practice for handling data, but companies cannot afford to overlook how personal data is processed by software applications.

GDPR is the most comprehensive data privacy standard to date, and its introduction in May 2018 will present significant challenges for every organisation processing EU citizens’ personal data.

The perils of non-compliance are severe, with millions of pounds in fines, loss of customer trust, and a sizeable dent in corporate reputation all posing very tangible business risks.

The regulation’s legal obligations will require businesses in possession of personal data to be more honest, open and transparent about their protocols than ever before.

However, businesses have been left scrambling to be ready in time.

Where is their data stored? Who is in control of it? What are the risks?

But closely examining data alone is not enough.

Without context, knowing the location of data resolves only part of the problem.

Unless organisations can identify how they’re using and transporting it via applications, they will continue to face an uphill struggle to unearth concrete risks.

To mitigate any threats, companies must place increased emphasis on scrutinising the applications that process data, and resolve the pain points.

Until now, the business community’s approach to tackling compliance has been sluggish.

The fundamental purpose of many applications is to use, read, create and process information. With ubiquitous use of technology and the explosion of applications, there has been exponential growth of data processing over the past decade.

To date, organisations haven’t had to map out the full and constant flow of all data throughout the business. This is why some businesses are finding it so problematic to become GDPR compliant in such a short period of time.

With less than six months to go, many businesses are still in a state of decision paralysis about where to focus their efforts.

Insecure devices, a lack of knowledge about the transfer of data, and a lack of oversight of the risks have collectively meant businesses remain exposed and vulnerable to evolving digital threats.

Getting started is the biggest obstacle.

As a first course of action, companies must get a full picture of their entire IT infrastructure, and inventory all applications in their estates.

This, coupled with specific insight about which applications can process personal data, dramatically reduces the scope of the project as well as the time spent on it.

Suddenly, the impossible becomes possible.

As the May 2018 deadline looms large, companies must ensure that careful management of software underpins any wider approach to risk, especially when dealing with vast quantities of data.