CEO Reports – Innovations in Data Management Solutions for Governance and GDPR Compliance – Veritas


SPECIAL REPORT

Data Management Solutions for Governance and GDPR Compliance

Engaging Generation Z in the age of GDPR
GDPR and Data Management
Educating Employees About Data
The Big Data Revolution
GDPR: Business Risk and Business Opportunity

Published by Global Business Media


How do you protect something you can’t see? Your company holds petabytes of data, across multiple business units and countless systems. As much as 54% of this data is unmonitored and potentially risky. But now under GDPR, if a customer asks to see their data, you will need to respond – are you confident you could do that? Veritas can help you locate and classify your unstructured data. Because you can’t comply until you know what you’re holding. Take the first step today with our GDPR Risk Analyzer tool: veritas.com/gdpr


DATA MANAGEMENT SOLUTIONS FOR GOVERNANCE AND GDPR COMPLIANCE

Contents

Foreword
Tom Cropper, Editor

Engaging Generation Z in the age of GDPR
Veritas Technologies
The New Data Landscape
Personal Data in the GDPR Era
The 360 Data Management Approach and the GDPR
The Future of Compliance

GDPR and Data Management
Tom Cropper, Editor
The GDPR Challenge
GDPR Requirements
Getting a Grip on Data

Educating Employees About Data
Jo Roth, Staff Writer
Total Education
Identify Gaps
Develop Engaging Training Materials
Update Training
Recruiting the Right People

The Big Data Revolution
Tom Cropper, Editor
Big Data
Grabbing the Opportunity
Data Management - The Next Generation

GDPR: Business Risk and Business Opportunity
James Butler, Staff Writer
Business Enabler
Going Above and Beyond
Data Management Strategies

References

Published by Global Business Media
Global Business Media Limited, 62 The Street, Ashtead, Surrey KT21 1AT, United Kingdom
Switchboard: +44 (0)1737 850 939
Fax: +44 (0)1737 851 952
Email: info@globalbusinessmedia.org
Website: www.globalbusinessmedia.org

Publisher: Kevin Bell
Editor: Tom Cropper
Business Development Director: Marie-Anne Brooks
Senior Project Manager: Steve Banks
Advertising Executives: Michael McCarthy, Abigail Coombes
Production Manager: Paul Davies

For further information visit: www.globalbusinessmedia.org

The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the Publishers or the Editor. While every care has been taken in the preparation of this publication, neither the Publishers nor the Editor are responsible for such opinions and views or for any inaccuracies in the articles.

© 2018. The entire contents of this publication are protected by copyright. Full details are available from the Publishers. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical photocopying, recording or otherwise, without the prior permission of the copyright owner.

WWW.CEOREPORTS.COM | 1



Foreword

Much has been written about the arrival of GDPR. We’ve seen examples of companies being confused about how to comply with the rules and warnings of the potentially enormous fines. However, if approached in the right way the mere act of complying with GDPR can also deliver a number of important business benefits.

The focus will fall upon data management solutions. As data becomes ever more valuable, the way in which businesses manage it looks set to make the difference between success and failure. Our opening article comes from one of the leading names in data management, Veritas Technologies. Their 360 Data Management Suite represents the next generation of data management – one in which all data is amalgamated from various resources, is highly visible and accessible and provides additional insights which can help businesses cater to an increasingly data hungry clientele.

The most immediate gain companies are looking for, though, comes in the form of GDPR. Europe’s new data protection laws increase the pressure on firms to keep control of their data. However, we discover that many are confused about what they have to do. Attempts to comply are often unnecessary and, in some cases, lead them into a breach.

Jo Roth then looks at the challenge of educating employees about GDPR. Establishing a positive culture of data hygiene will be crucial in helping firms stay the right side of the regulators.

We will also look at the role of next generation data management solutions. These are the tools which can provide additional insight into data use. GDPR provides specific requirements which any new system will need to meet. Understanding the risks and your data goals will help you decide which is the most appropriate option.

While many firms see this as simply a matter of compliance, James Butler argues that taking a more proactive approach can deliver considerable business benefits. He sees why some businesses are taking a more aggressive line with a mix of training, rewards, penalties and new technology.

GDPR is every bit the challenge people say, but it is also a big opportunity. The act of getting on top of data will be enough to drive considerable improvements in a business. It will require a certain amount of investment in time, energy and resources but the benefits will shine through in the bottom line.

Tom Cropper Editor

Tom Cropper has produced articles and reports on various aspects of global business over the past 15 years. He has also worked as a copywriter for some of the largest corporations in the world, including ING, KPMG, and Zurich Insurance.


Engaging Generation Z in the age of GDPR

Veritas Technologies

Much has been written about the changes GDPR will bring. But how will this impact the way organisations engage with a Generation Z market that’s growing in size and importance? The Veritas 360 data management approach can help, offering a framework for compliance and a platform for engaging new generations of customers more effectively.

The New Data Landscape

The headlines have been dominated recently by various data scandals, with immense concern about how social networking and data analytics organisations have harvested and processed personal data from millions of users to drive commercial and political outcomes. The market cap, share prices, profitability and brands of these organisations have been severely impacted – not surprising, with a regulatory drive for greater transparency and requirements for data subjects to know exactly what happens to their data.

Today, most organisations with an online presence can be affected too, as everything customers do, both on and offline, leaves behind digital traces. Every purchase, every search, every location and every “like” is collected, and advances in technology and automation have led to the emergence of enterprises focused on engaging with hyperconnected online multitaskers – Generation Z (Gen Z). Although Gen Z are a broad group, encompassing all those born since the turn of the century, they share a common experience of growing up in the midst of the digital revolution. Gen Z customers expect to be able to do almost everything online. They’re well aware of the risk of sharing personal information online, but they recognise the data value-exchange and expect something in return. However, this data exchange can potentially pose a huge risk for organisations, especially with the General Data Protection Regulation (GDPR), which strengthens data protection for European Union (EU) citizens.

In parallel, enterprises are accelerating their digital transformation journey, developing digital experiences that appeal to Gen Z users. The technologies that support these experiences must be flexible to provide the agility and adaptability to cater for ever-changing user expectations and behaviours. But the cost of implementing such elastic technologies has been crippling for organisations, until recently.

Cloud and analytics combine

Cloud service providers now offer native tools to address the challenges of cost and elasticity. The cloud offers lower costs, on-demand access and self-service, rapid provisioning and de-provisioning, and innovative tooling such as analytics. To fully and efficiently exploit these services, organisations have been migrating gargantuan volumes of data to the cloud. This strategy brings risks, however, with the GDPR demanding greater accountability and transparency from organisations in how they collect, process and store personal information. Cloud service providers do provide certain levels of assurance, but the enterprise is still the data owner, and it is held responsible for ensuring compliance.

With the help of cloud-based analytics, enterprises have realised that Gen Z is driving change faster than ever before. How will brands connect with Gen Z customers on their terms? How will their customer journeys be different from the generations before? Data analytics appears to provide some answers. The cloud has allowed organisations to scale out data workloads easily and quickly, which in turn enables them to look across huge volumes of data to identify developing trends. Data and analytics are becoming the pillars of modern businesses as more and more companies realise that, to remain competitive, they need to become data-driven. Multi-cloud analytics means generating, accessing, processing, managing, storing and sharing vast quantities of data, and the introduction of the GDPR will have major implications for data-driven organisations.

Gen Z and artificial intelligence


Gen Z users have grown up with digital and mobile technology and are masters of parallel processing and multi-tasking. How can the immense power of cloud computing and analytics possibly keep up with them? Intelligence is no longer exclusively human. Machines can now recognise a human face, drive a car, beat a chess grandmaster and cope with uncertainty. The ongoing popularity of messaging platforms has helped to usher in a new era in which artificial intelligence will amplify marketing efforts, especially with Gen Z in mind. The digital natives of Gen Z have a special affinity for artificial intelligence, because it mimics their natural tendency towards mobile communication. Every engagement creates a new digital footprint, and is likely to contain personal data that, under GDPR, must be accessible to data subjects and securely protected, regardless of whether the processing takes place in the EU or not.

Getting more value from more data

In an age where Gen Z is shifting the dynamics of consumer behaviour, organisations are harnessing the power of the multi-cloud, analytics, automation and artificial intelligence to drive digital transformation for market survival. Data drives the Gen Z economy. Organisations collect information and move copies of this data to the cloud to power intelligent interactions that collect even more data. Through systematic automation, the data is then replicated several times for operational purposes, which results in multiple copies being created and stored, across countries, continents and clouds, creating an explosion of data from an unprecedented number of channels. IDC predicts that data creation will swell to a total of 163 zettabytes by 2025[a], suggesting we’re entering an era focused on the value of data: creating, utilising and managing ‘life-critical’ data necessary for the smooth running of daily life for consumers, governments and businesses alike.

Personal Data in the GDPR Era

By 2025, 75% of the world’s population will be connected[b] and they’ll expect enterprises to be responsible with their data and demonstrate compliance – or suffer severe consequences to their brand. There has been much talk about the scale of fines organisations face if they fail to meet their GDPR obligations with personal data. Yes, these fines could be large (as high as €20 million or 4% of annual revenue), but to focus on them is missing the point about the Regulation. The crux of the GDPR is about enterprises being accountable for the personal data they collect and ensuring they handle it with care and respect the rights of the individuals they collect it from. This means having a clear understanding of why the data is needed, what it’s used for, where it’s being stored and who’s got access to it. If an organisation can’t do this – and clearly some have failed in the past – there will be fines, but a bigger concern should be the reputational damage and loss of customer trust.

Control and culture in the post-GDPR landscape

Another key point about the GDPR is that it empowers people to take control of their data, and gives them rights to find out how their data is used and, in some cases, to ask for it to be deleted. This will have a greater impact on industries reliant on direct marketing activities, such as retail, travel, finance or insurance, but any organisation with customers in the EU should expect them to exercise their rights. GDPR compliance is a journey, not a destination, and it must become a constant part of any organisation in the same way that health and safety or accounting practices are followed. This means not only having effective data management practices, but ensuring the whole organisation has a culture of data privacy by default. This data privacy culture will require staff training, as well as processes and tools to enable employees to manage personal data effectively. There are several dimensions to the data protection task ahead:

• Proliferation: Without proper management, data proliferation impedes productivity and increases risk, with cloud strategies adding further risk if not thought through properly.
• Fragmentation: As data becomes increasingly fragmented across locations and applications, organisations must not only maintain compliance to avoid fines – they need to harness data to drive customer engagement, improve loyalty and build their brand.
• Trust: Digital natives are more comfortable sharing data with organisations they trust and align with – but if that trust is broken, the impact is significant.

Technology will certainly play a part here; being able to find personal data when it’s spread across unstructured data sources such as file servers or cloud storage will require very innovative classification and AI technology. Of course, technology won’t solve GDPR on its own, but it will be an important part of the data management solution. At Veritas, we help organisations overcome these challenges by using our 360 data management approach, based on our long history of data management leadership.

The 360 Data Management Approach and the GDPR

The 360 data management approach gives organisations a way to own and control their data and information, enabling data to be treated as an asset, rather than a potential liability. 360 data management creates a single pane of glass across all information assets, as well as a single control point for policies. It provides a problem-solving framework alongside a portfolio of cutting-edge tools to address GDPR. With 360 data management, organisations gain the ability to locate, search, minimise, protect and monitor personal data – fundamental stepping stones towards GDPR compliance and unlocking the business benefits of engaging with Gen Z customers on their own terms.

The first step is to locate data and understand the business processes it supports, what data is being used and why. This step is all about making personal data visible and helping organisations make better decisions about GDPR by having more information about the data.

The search step helps organisations respond to data subject access requests. This step is all about finding the data in a timely fashion, using metadata from the locate step to provide relevant results, further enhanced by a filtering mechanism.

The objective of the minimise step is to place controls around personal data and reduce risk. It uses intelligence from the previous steps to put in place business rules to support key data management decisions, such as retention and disposition schedules.

The next step helps organisations protect personal data from loss, damage or breach, with a range of technology solutions and robust processes to ensure data is backed up or replicated while making sure data sources are highly available.

The monitor phase helps organisations maintain control of personal data through effective monitoring processes and tools to control, audit and report on data access, enabling rapid breach response and reporting to retain the trust of regulators and customers.

The GDPR framework

Locate: First gain visibility of the personal data you hold. To process and manage that data, you need to be able to map where it’s stored, who can access it and how long you’ve kept it.
Search: Data subjects can request to see all their personal data and ask that it be corrected, moved or deleted. Your ability to rapidly respond to these requests is critical.
Minimise: Keep personal data for only the amount of time related to the reason you’re holding it. Suitable retention policies that automate deletion are vital for GDPR compliance.
Protect: Safeguard personal data from damage, loss or breach. Establish transparency in your data protection and security processes to ensure you can fulfil audit and compliance requests.
Monitor: You need the ability to uncover data breaches and notify the authorities within 72 hours. It’s critical to have the right investigative tools to spot risky behaviours.

Accelerating compliance programmes

A recent Veritas survey found that many organisations are still only in the initial stages of a GDPR programme.[c] They may have created a programme to consider governance, leadership, policy and corporate structure, but we’ve found that little progress has been made, and in reality GDPR compliance is lagging behind[d].

The 360 data management approach can help accelerate organisations’ GDPR journey because it helps provide:

• Visibility: A global view of data and the digital environment that goes beyond compliance to support better-informed decision-making while reducing risk and cost.
• Holistic data protection: Automated backup and recovery, across all applications and workloads, whether physical or virtual.
• Data and workload portability: Tools to move data between on-premises and cloud locations to take advantage of the right tools in the right environment and gain real business agility.
• Storage optimisation and software-defined storage: Simple tools for moving and storing data on the platforms that enable the best data performance, with a single pane of glass for viewing and management.
• Business continuity: A platform for automated resiliency across all environments, whether on-premises or in the cloud, providing a flexible, predictable way to deliver the always-on services customers expect.

As organisations harness technology, automation and artificial intelligence to drive digital transformation, they’re becoming increasingly susceptible to the risks of dealing with personal data. 360 data management helps deliver digital compliance, giving organisations confidence, enabling understanding, reducing risk, and identifying vulnerability.

The Future of Compliance

It’s predicted that by 2020 computing power will equal the human brain, and by 2050 will have surpassed it.[e] In the context of data management, this will provide a huge opportunity to improve data protection even further. There will be common gateways, whether in the data centre or the cloud, with the ability to understand every single piece of information that comes in and out. This rich understanding and computing power will enable sophisticated automation, bringing about machine-led, intelligent decision-making. Of course, the main requisite for achieving this will still be the organisation’s ability to understand its data. By understanding their data and automating decision-making, organisations won’t just simplify GDPR compliance – they’ll have an effective way to engage with Gen Z, and the flexibility and adaptability to engage with the generations to come.

References:
[a] Data Age 2025, An IDC Whitepaper
[b] Data Age 2025, An IDC Whitepaper
[c] https://www.veritas.com/company/research-exchange
[d] https://www.veritas.com/company/research-exchange
[e] Predictions made by Ray Kurzweil, author, inventor & futurist



GDPR and Data Management

Tom Cropper, Editor

Customer data is more important than ever but the arrival of GDPR creates a number of data management challenges for businesses of all kinds.

IT’S HERE. Europe’s General Data Protection Regulation (GDPR) has cast a shadow over the business world for the past few years. It represents the biggest ever change to data protection regulations and its implementation has caused problems for even the most tech-savvy of firms. Two of those, Facebook and Google, were the kind of companies which might have been expected to be ahead of the curve, yet they became the first targets of GDPR complaints almost as soon as the law came into force[1]. Complaints centred on the way in which they had asked for customer consent. Members of platforms found themselves denied access to their accounts until they gave their consent to the use of their data. This, argued campaigners, went against the spirit of GDPR which states that consent must be clear, unambiguous and freely given.

Indeed, those consent emails which became so ubiquitous highlight some of the problems that firms have understanding the scope and implications of GDPR. According to some experts, most of the emails being sent have been unnecessary and a few might be illegal. They argued that many firms which were already using the email contacts of their customers already had the required consent for GDPR and those which did not were contravening GDPR simply by sending the emails.

Some firms ran into difficulty even before GDPR became an issue. In 2017, Honda and Flybe were fined a combined total of £83,000 by the ICO for breaking data rules in an email sent out to contacts seeking GDPR consent. The problem – many of those clients had already said they did not want to be contacted. The email itself was a breach of the Data Protection Act and landed the two companies with a fine.

The first problem firms face, then, is confusion. Many are not certain what consent they have and what they need, and this can be an enormous problem because data is becoming more important than ever before in the world of commerce.

Consumers are increasingly happy to interact with companies online. They understand the currency of their own data and are willing for it to be used on one condition – they feel that they can trust the company handling it. Moreover, they expect to be able to access all sorts of services online and that means companies have to get comfortable using data.

The GDPR Challenge

There is a clear impetus for businesses to continue expanding their use of personal data. Their customers want them to and it drives value for them. However, the main effect of GDPR is to make that much more challenging and to increase the penalties for non-compliance. For example, under previous regimes there was little pressure on companies to report data breaches when they occurred. Now the deadline is 72 hours. Not only is that a tough deadline to hit, but it will also compel businesses to tell the world that their systems have been compromised. In many ways it’s the reputational impact that companies fear the most. In a world in which data is fast becoming a valuable commodity, firms must maintain a high level of trust.

That said, the penalties themselves are considerable. Flybe and Honda might have been smarting at their £80,000 fine but had that happened under GDPR the damage could have been significantly higher. Last year analysis by the NCC Group warned that the total of £880,000 fines issued by the ICO between 2015 and 2016 would have been almost 80 times higher at £69million under GDPR. TalkTalk, for instance, had been fined £400,000 for allowing hackers to access customer[2] data. Had GDPR been in place, the analysis claimed, the fine could have been £49million[3]. In comparison to the Data Protection Act, GDPR’s penalties appear draconian. Mild breaches may be subject to fines of up to €10million or 2% of turnover (whichever is higher) and serious breaches would attract fines of €20million or 4% of turnover.


The consequences for getting things wrong can be considerable and in some cases could present a serious risk to the future of a company. If, as appears to be the case, companies are confused about the requirements of GDPR, many firms could find themselves in serious trouble over the next couple of years.

GDPR Requirements

The first task, then, is to develop an understanding of what GDPR demands and how this will translate to practical realities. The main requirements of the act are:

• Consent: This must be clear, unambiguous and freely given. Denying service unless someone gives consent, for example, could be considered a breach. People must also actively opt-in rather than the previous passive opt-out option.
• Use of data: Companies will have to obtain consent for each way they intend to use data. So, if a firm wants to share data with third parties and send marketing emails it must obtain consent for each of these actions. Consent forms, therefore, often have a range of options for customers to opt in or out.
• The right to be forgotten: Customers should be allowed to have control over their data. They have the right to know what data a company currently holds about them and have it modified or deleted if they wish.
• Notification of breaches: Once a firm becomes aware of a breach it has a total of 72 hours in which to inform the authorities.

Firms will also be responsible for any data about their customers held with third parties. This is particularly important when using cloud computing services. If there is a lapse with a third party’s protocols, the original company will still be held accountable.

Getting a Grip on Data

The hype surrounding GDPR is entirely justified. It represents the biggest overhaul in data regulations ever and it’s not before time. The last ten years have witnessed an unprecedented increase in the amount of data that companies collect and the way in which they use it. Regulation was badly lagging. While it certainly creates more challenges for companies, the value of data is such that companies will still want to hold and use it. To do so, though, data management capabilities must improve dramatically.

Each company will need to know what data they hold on individuals, what levels of consent they have and be able to retrieve that data as soon as possible. For that they will need to bring in new members of staff and in many cases to invest in new IT infrastructure. Existing data management systems, in many cases, lack the sophistication and the capacity to provide firms with sufficient control over their data to comply with GDPR. The focus will shift to the next generation of data management software which can deliver enhanced data visibility, access and insight.



Educating Employees About Data

Jo Roth, Staff Writer

Employees represent the biggest data risk companies face, so how can firms make sure everyone is up to speed with GDPR?

EVEN THE toughest chain is only as strong as its weakest link, so the saying goes. In the world of business, that weak link is, in many cases, flesh and blood. Across the business world firms are investing considerable capital and resources into becoming GDPR compliant. However, in many cases they may have missed their most serious problem: their staff.

Total Education

So far, 2018 has been a year of regulatory upheaval. We’ve already had a host of new regulations affecting many different industries. Many of the most important, such as MiFID II in the financial world, and GDPR revolve around the use of data. It creates a challenge for all firms, especially those which are covered by more than one of these rules. Not only do they have to update their infrastructure and understand new guidelines, but these can sometimes be contradictory. Take the example of MiFID II which requires financial institutions to maintain a complete record of all communications with clients about a deal. This has direct contradictions with GDPR. If a client requests their data be deleted, as prescribed by GDPR, a firm will be presented with a difficult conundrum – how to comply with GDPR’s right to be forgotten with MiFID II’s requirement that a complete record of customer dealings be maintained.

If the rules are confusing for executives and experts, think how difficult it can be for individual staff members, and that is a serious issue for any company because every individual who works in a company is a potential security threat. Indeed, for all the efforts to improve the security of IT systems, the biggest weakness is still human. A Consensus survey in 2017 of IT professionals found that employees were rated the biggest security risk to companies[4]. Many of these breaches come through human error, but the threat of malicious insider attack is also considerable. The latest edition of Verizon’s Data Breach Investigations Report found that 25% of all attacks over the past year were perpetrated by insiders[5]. Whether through innocent negligence or malicious actions, therefore, staff represent a serious risk for businesses of all kinds.

Part of the problem is the level of access even junior members of staff often have and their importance to the way a company uses data. For example, anyone tasked with adding customer contact details to a database or emailing contacts could lead the company into a breach of its GDPR obligations. It’s a dangerous gap to leave but one many companies are not addressing. A survey from IT Governance found that only 10% of companies had provided GDPR compliance training to all of their employees, while only 53% were planning to provide staff awareness training in the future[6]. They recommend three quick tips to improve engagement: identifying areas of vulnerability, developing training methods and making sure training is continually updated.

Identify Gaps


The first task is to identify what risks the company faces and where it needs to improve. Because the use of data varies from company to company, these will be slightly different in each case. Many of the most common risks will be exposure to cyber threats such as ransomware and phishing. Ransomware, in which hackers deny access to computer systems, has exploded in recent years to the point that it is now a $2bn worldwide industry [7]. Phishing attacks are also becoming more convincing. Hackers are turning to social engineering techniques, which enable them to develop profiles of potential targets. Platforms such as social media can provide an enormous amount of information about companies and the people who work for them. Using this, perpetrators can impersonate banks and even work colleagues to create an elaborate and convincing mode of attack. Each of these attacks represents a threat against the integrity of IT systems, but they can also place a firm’s compliance with GDPR in jeopardy. Staff will need to learn what threats exist and be educated about how to avoid them. Aside from cyber-risk, firms should analyse the way in which they collect and store data. In some cases, systems may need to be updated to give the firm enough control over the data it holds.

Develop Engaging Training Materials

When delivering training, firms will need to know what training methods staff respond well to and which will be most effective at delivering a message. There are numerous options available from e-learning modules to seminars, information leaflets and gamification techniques where staff can perform certain tasks and their responsiveness can be measured.

Update Training

Data risk is a constantly evolving issue. The attitudes of regulators are changing and new rules will come into force. Education will have to be an ongoing process with training methods being reviewed and staff receiving refresher courses at regular intervals. When new members of staff come into the company they will have to receive comprehensive induction training and institutional knowledge will need to be passed on from their predecessors. Unless companies maintain a comprehensive network of education, it is all too easy to fall behind and for gaps to appear.


Recruiting the Right People

In addition to these three tips, it is important for firms to acquire the right skills and experience within their team. The rules of GDPR require the recruitment of someone with expertise in data management rules and GDPR. That person can lead the GDPR strategy and establish company-wide education for all team members. It is a good idea to establish a network of expertise throughout the organisation. The larger a firm is, the easier it is for the message to become muddled and for performance to vary between departments. Ensuring each department has a data management expert who can lead education will ensure your team stays on track.

Compliance relies on a comprehensive approach which stretches across the entire organisation. It will require complete buy-in from all stakeholders, from the senior executives to the lowest paid office junior. All will have a role to play in maintaining the integrity of data and in delivering ongoing compliance. However, there is another issue which we will explore in more detail later in this Report. Education is fine. Providing the tools to build awareness and capabilities is to be encouraged, but there is no sure-fire way to be certain employees will stick to it. For that, firms will need to develop and maintain a positive culture and the best way to do that is a comprehensive strategy incorporating education, training, rewards, penalties and technology.



The Big Data Revolution

Tom Cropper, Editor

Next generation data management solutions can help companies unlock the full potential of big data.

If the 19th century heralded the industrial revolution, we are currently in the middle of something which is almost as transformative: the digital revolution. Technology is dramatically changing every part of our lives from the way we interact to the way we buy products and the way we work. In the world of business, the biggest impact of technology is the proliferation of data.

Big Data

This is the age of big data. Over the past ten years the rise of the internet, mobile technology and the Internet of Things (IoT) has sparked an unprecedented increase in the amount of data created. A recent report estimated that over 90% of the data ever created had appeared in the past few years, but this is nothing compared to what is to come [8]. A study from IDC predicts that the amount of data produced around the world will increase ten-fold to 163ZB by 2025, with most of this being controlled and managed by enterprises [9]. All that data has immense value to businesses. It can tell firms more about how their customers are using their products or services and what they would like to see; it can shed additional light on business performance, allowing firms to see which areas are profitable and which would need a little more attention; and it can track infrastructure and equipment more effectively.

The nature of data is also changing. It is multiplying not just in volume but in the variety of structure. Aside from traditional structured data, such as facts and figures, businesses can capture a variety of unstructured data in the form of video and audio files. Social media also creates huge amounts of insight every day. It can show how a product is perceived and what customers are looking for. If gathered and analysed effectively, it can create incredibly valuable insights, which can improve marketing, product development and reputational management. All that data can funnel into a company and therein lies both the benefit and the challenge. This is an enormous business opportunity, but only if the data can be captured. Somewhere amongst those millions of terabytes being created lie the insights which can transform the business, but sorting it and turning it into something actionable is another issue entirely.

Recently, the focus has also swung towards regulatory compliance issues. The dramatic increase in data has also increased the amount of information companies hold about us and our own exposure to data loss. The last few years have seen multiple incidents in which data loss caused major harm to customers. The recent IT crisis at TSB, for example, locked customers out of their accounts, made it impossible for businesses to make payments and put bank details at risk [10]. The data breach at Equifax affected 146 million people [11], while the hack of Adult Friend Finder in 2016 exposed more than 400 million profiles [12]. The implications for those whose personal details are accessed can be profound, leaving them exposed to fraud and in some cases public humiliation. Nowhere was this made clearer than when hackers breached Ashley Madison, the site which helps people to have affairs. The hack ruined careers and marriages and was linked to at least two suicides [13]. The regulators have been slow to catch up, but they have finally managed it with the arrival of GDPR and other regulations around the world. Each in its own way is designed to increase individuals’ control over their own data, to safeguard its use and to make firms accountable for the way in which they use information.


Grabbing the Opportunity

It is a combination of the new regulation and the sheer scale of data being produced which discourages many companies from fully embracing the age of big data. Firms are constantly balancing the opportunities data brings against the risks. The financial world, for example, can make enormous gains from big data. Insurance firms can use enhanced data gathered about their clients to increase the accuracy of their risk assessments and to provide their clients with a more personalised service. Investment firms can gain more insights into market trends to make better trading decisions and, on a more general note, businesses can improve their service offerings by deepening their engagement with customers. However, the financial sector is one of the most heavily regulated in the world. It is also the target of more cyber-attacks than any other sector, according to a report from IBM [14]. As such, financial firms are stuck between wanting to embrace new technology to capitalise on the power of their data and being keen to avoid running into regulatory difficulties. As we’ve already seen in this Report, the size of the penalties GDPR might impose can be considerable and that can be enough to hold firms back.

Data Management: The Next Generation

Predictably, technology holds the key. 2017 was the year that enterprise cloud management finally became the norm, as even risk-averse companies began piling data into the cloud. According to Synergy Research, the cloud computing global market is now worth $180bn worldwide and is growing at 24% annually [15]. The cloud dramatically expands the amount of data businesses can manage and enables them to increase the visibility of data between multiple departments. The big drawback with the cloud is potential security concerns, especially for industries such as finance and health which manage high volumes of extremely sensitive personal data. However, as the technology evolves, security measures among most cloud providers have improved considerably, and even the most cautious of companies are becoming more comfortable.

Storage capacity has grown thanks to the rise of all-flash arrays. The success of this market has been tied in closely with the development of the cloud. The superior storage capacity and speed of flash is revolutionising the data storage market, increasing access to real-time data and the reliability of systems. Data management solutions are also becoming more sophisticated and complex. However, the arrival of GDPR has muddied the water somewhat. When choosing a system, managers will need to select those which provide the functionality they need to ensure compliance. Among the capabilities they will need are backup, recovery and archiving capacities which create a single searchable pool of all structured and unstructured data, and the ability to identify personal data, to search relevant data, and to see who it belongs to and how it is being used. Several providers are offering data management solutions which are specifically designed to achieve GDPR compliance. Some will be better than others. To choose the best, managers will need to fully understand GDPR, what it requires and how it fits into their own data management strategies.



GDPR: Business Risk and Business Opportunity

James Butler, Staff Writer

Data hygiene is crucial to avoid a fine, but it can also be a positive driver for business performance.

How clean is your data? The chances are not quite as clean as you might hope. Many companies suffer from data overload. Such is the quantity of information they have collected about existing, past and potential clients, that they aren’t entirely certain what they hold or if all the data is legal.

Business Enabler

This can create an enormous problem for satisfying GDPR. But data hygiene should not just be about avoiding fines; it can also create a positive return on investment. That message does appear to be making itself felt among companies of all sizes, according to a report from Veritas [16]. They found that, while avoiding a fine from the regulators was the main reason why firms focused on data hygiene, they also saw it as offering a positive return on investment. By improving their compliance standing they hoped to realise several benefits including:

• Better data knowledge: 92% believed it would give more trust to their data.
• Insights: 68% believed they would gather strong data and gain additional insights about their business.
• Save money: Those insights, according to 68% of companies, could help them identify ways in which they could save money.
• Protect data: Surprisingly enough, though, only 51% thought it would help them protect their data more efficiently.
• Hire more people: By streamlining costs, 25% of respondents hoped to recruit more staff.
• Increase revenue: Most importantly, one in five firms hoped the reduced costs would free up cash which could be used to invest in the company, drive innovations and improve financial performance.

Establishing that business case is important because improving GDPR compliance can require significant investment such as staff recruitment or the purchase of new technologies. If managers only view data management as an issue of compliance or avoiding fines they will try to get away with the bare minimum of investment. However, by going one step beyond, the report suggests, it is possible not only to reduce the risks of a fine but also to realise some of those gains.

Going Above and Beyond

So how are they doing this? One of the most common approaches, according to the report, is a mix of training, rewards and penalties for staff. According to the Veritas report, 88% of organisations plan to drive staff engagement through a combination of rewards, training and penalties with many firms suggesting they may even include GDPR compliance as part of an employee contract. As such, if an employee’s actions cause a firm to breach GDPR compliance, they are aware that they will be held accountable. Rewards systems can encourage members of staff to take training modules and can incentivise them to continue to demonstrate their expertise. For example, if a firm already has an extensive company rewards system, employees could be provided additional vouchers or credits to increase the rewards they receive. The name of the game is to create a positive culture in which good behaviour is incentivised and bad behaviour is penalised. Staff will be encouraged to take responsibility for their actions and be accountable for how they adhere to GDPR requirements.


Data Management Strategies

Staff engagement can take a firm part of the way towards compliance, but the arrival of GDPR and the increasingly complicated demands of data will place the focus firmly on data management solutions. Several providers have been quick to market their solutions from the GDPR standpoint. However, the best platforms look for something more. These turn data from an issue of compliance into a key factor in strategic success. When viewed in this way data becomes the new currency. It is a way in which firms manage their engagement with customers and oversee their operations, while also ensuring regulatory compliance.

The aim should be to turn data into a strategic asset by harnessing the power of protection, visibility and insight. Protection ensures a platform in which all data management procedures adhere to the strictest security requirements. Visibility provides instant real-time views of data. It enables firms to comply with their GDPR requirements by being able to view the nature of data, what consent has been given and how the company uses it. That should be enough to satisfy the compliance side, but the real value comes in the third factor: insight. Enhanced data management capabilities can shed light on a number of crucial aspects of business performance such as financial management, product development and client engagement.

The next generation of data management solutions aims to provide greater visibility of data. Veritas’ 360 Data Management Suite represents a perfect example of where this technology is heading. It amalgamates data from multiple clouds, reducing silos of information and providing complete data visibility to all stakeholders. It brings data together into one place. Data is easily accessible when it is needed, and it is visible and protected. This is more scalable and cost effective than using multiple tools; security is more reliable, and it ensures secure backup of any workloads. The technology is vendor agnostic so, whatever virtualisation or hardware is used, it will be compatible and won’t hinder efforts at data management. Reports can offer a real-time view of information, enabling businesses to see the true state of their data and gain enhanced analytics of their performance. It’s an all-in-one solution, sorting the useful information from that which can be discarded, increasing security and making it easier to fulfil regulatory requirements and demonstrate compliance.

Such is the value of data to the future of businesses that platforms like this can become a vital differentiator between firms. The value a firm gains from data management will depend on just how proactive it is and the capabilities of its software. At the thin end of the wedge firms can save money and avoid fines, but as they gain more insights they can streamline operations, analyse performance and drive revenue. In this world of big data, systems such as these go from being an administrative function to a key performance enabler.



References:

[1] Facebook and Google Targeted as First GDPR Complaints are Filed: https://www.theguardian.com/technology/2018/may/25/facebook-google-gdpr-complaints-eu-consumer-rights

[2] ICO Fines Flybe and Honda for Breaking Data Rules: https://www.theregister.co.uk/2017/03/28/ico_fines_flybe_honda/

[3] Last Year’s ICO Fines Could Have Been 79 Times Higher: https://www.theregister.co.uk/2017/04/28/ico_fines_post_gdpr_analysis/

[4] Employees Represent Biggest Security Risk: http://www.information-age.com/employees-represent-biggest-data-security-risk-123467472/

[5] Data Breach Investigations Report: http://www.verizonenterprise.com/verizon-insights-lab/dbir/

[6] GDPR Report: https://www.itgovernance.co.uk/gdpr-report

[7] Ransomware is Now a $2bn a Year Criminal Industry: https://www.cyberscoop.com/ransomware-2-billion-bitdefender-gpu-encryption/

[8] 90% of all Data Created in Two Years: https://www.mediapost.com/publications/article/291358/90-of-todays-data-created-in-two-years.html

[9] The Value of Data: http://www.information-age.com/data-forecast-grow-10-fold-2025-123465538/

[10] TSB Crisis – What Happened and When Will Issues be Fixed? http://www.theweek.co.uk/93365/tsb-it-crisis-what-happened-and-when-will-the-issues-be-fixed

[11] Equifax Reveals Full Horror of Monstrous Cyber Heist: https://www.theregister.co.uk/2018/05/08/equifax_breach_may_2018/

[12] 412 Million Friend Finder Accounts Exposed: https://www.csoonline.com/article/3139311/security/412-million-friendfinder-accounts-exposed-by-hackers.html

[13] Two Suicides Linked to Ashley Madison: http://www.dailymail.co.uk/news/article-3208907/The-Ashley-Madison-suicide-Texas-police-chief-takes-life-just-days-email-leaked-cheating-website-hack.html

[14] Financial Services Sector Most Attacked in 2016: https://www.scmagazine.com/financial-services-sector-most-attacked-in-2016-ibm/article/653706/

[15] Global Cloud Computing Market: https://www.cloudcomputing-news.net/news/2018/jan/05/global-cloud-computing-market-revenues-reached-180-billion-past-year/

[16] 71% of Organisations Plan Bold Steps in Creating a Culture of GDPR compliance: http://bit.ly/2JP8BBv
