Whatever the trigger, significant technological and other business changes should never damage your customers’ trust in you. This means keeping their personal data safe. In fact, done well, data protection ought to increase confidence in your business. How to get there? It starts, as with many things, with a detailed understanding of the challenges and strong governance around the solutions.
20 June 2022 • 4 min read
If you are currently accountable or responsible for processing data, you might be feeling the pressure. Today, it feels as if customers are more demanding and cyber-crime threats are growing daily. However, it’s worth pausing to reflect. Data protection, in general, is increasingly perceived as adding value.
This is backed by survey data. For example, the proportion of German consumers who were sure, or very sure, their data was safe on the internet grew from 13% in 2014 to 29% in 2020. In our cynical world, this improvement feels worthy of celebration.
As well as this steady improvement and development, our Governance, Risk and Compliance (GRC) teams are usually involved when our clients are planning or expecting major strategic changes that may directly or indirectly impact on data use.
All our work is based on capturing and responding to customer requirements. Each customer comes with unique data flow and storage arrangements, for example. Each will also have its own technical and commercial measures of project success in place. Their attitudes to risk will also differ. A luxury retail client, for example, might put greater weight on protecting data than its competitors. Harrods of London is famously intolerant of tabloid snooping. Finally, each customer will apply data protection law according to their own interpretation.
Despite this varied and complicated picture, there are enough commonalities across our work and established best practice to share key lessons.
IBM’s System/360 hardware arrived on the scene in 1964 as the first real commercial computing solution. Germany’s first data protection legislation followed in 1970. In September that year, the Hessian State Parliament passed a Data Protection Act. The next big step in German data protection law came in 1983. The Constitutional Court established fundamental rights of informational self-determination. These state that individuals own, and can control, their personal data.
Other countries’ legal frameworks generally followed in parallel. The current EU-wide General Data Protection Regulation (GDPR) came into force in 2018. It should be noted that it’s best practice to assume the provisions of the GDPR apply to any organization processing data of EU citizens. We helped a client in Switzerland, for example, keep their German employees’ data safe in line with EU law.
If legal aspects of data protection have moved relatively slowly over the last 50 years, the same cannot be said for technology. How much data we share and how and why we share it have changed beyond measure. The scale is immense. The world is expected to be juggling 175 trillion gigabytes (175 zettabytes) of data by 2025. One hundred trillion seconds equates to three million years, if you were wondering how big that number was.
In the case of our personal data, this all needs protecting and, at the same time, to be instantly accessible. We are now used to using our smartphones to do everything, from paying bus fares and buying coffee to monitoring our health and watching the latest blockbusters. As a result, the technology surrounding data protection has become an incredibly complex landscape.
If changing data protection policies and procedures in 2022 is difficult, why do it? A trigger for some is, naturally, a breach of the rules. Examples still regularly reach the press, such as a Dutch airline fined €400,000 for letting hackers download 83,000 customer records. Financial costs aside, the real impact of being caught is reputational. Problems, once identified, need to be taken seriously and improvements implemented transparently. Trust is easily lost and is hard to recover.
Change, however, needn’t be a response to bad news. NTT DATA’s work is often part of positive business planning. We helped a bank modernize, for example, as they moved away from fixed infrastructure to the cloud. The GRC Consulting team often works with clients around outsourcing business processes too. Successful human resource management depends on efficient and secure management of employee data. Organizations wishing to manage customers through third parties also need to carefully consider where and how their data is shared.
In these circumstances, data protection can fall into the trap of defining what can’t or shouldn’t be done. This view is always an important one to challenge. Rather than acting as a barrier to change, keeping data safe and secure ought to be seen as a valuable addition to improvement.
In the effort to not fall into this trap, it can be challenging to know where to start. We recommend beginning by building a data governance framework that takes into account different data processing requirements in an integrative approach.
It is important to leverage the capabilities of the entire enterprise as you consider the data protection organization within it. Working in silos is best avoided.
It is here where you define your data handling strategy, including setting protection goals and defining roles and responsibilities. You should take into account and supplement specifications and guidelines from various management systems too. Data protection, information security and risk management all need to be involved.
It pays to be pragmatic and balanced. Policies that are too restrictive can be just as damaging to your business as those seen as too lax. This will also depend on how mature your organization is. If it’s well-established, a light touch may be all that’s required. If you’re still at the very beginning of your journey, you may need to prioritize data protection to avoid it becoming an issue down the line. It is often useful to get external help here. Outside eyes can galvanize efforts across different business units and project teams. An external Data Protection Officer might prove a catalyst.
Whatever your starting point, with a strong data governance framework in place, you’re well on your way to keeping data safe in the long run. What’s more, your customers, colleagues and the wider communities you work with will have greater confidence in you. Building and extending trust is always the goal.