INDUSTRY WATCH
“BEFORE IF YOU WERE
THE DATA CONTROLLER
YOU DIDN’T NEED TO
KNOW WHAT ALL THE DATA
PROCESSES WERE DOING
– DOWNSTREAM WAS NOT
YOUR CONCERN. IT IS NOW.”
Dr Jacqui Taylor, founder of
flyingbinary.com
the second or last to do it. Just to view
GDPR’s threat landscape, which is what
people are talking about, is missing the
point. It’s an opportunity to leverage IoT.
Can you explain the link between
complying with the GDPR regulations
and leveraging for IoT?
A RegTech solution for GDPR, such as
FlyingBinary’s industry-leading cloud
service incorporating Commvault
technology, has already architected the
foundation for the move from DT to
IoT. This is because it has democratised
the data beyond the IT department
and has delivered a self-service model
for non-data specialists to demonstrate
compliance of a complex and onerous
regulation as a cloud service provision.
IoT services can only be provided using
cloud technology in order to provide the
scale required. To move from this DT
approach to IoT does not need a new
cloud service to be purchased, merely
extended to include the additional
data from IoT and additional security
controls for the IoT data to be streamed
into the RegTech service.
How would you persuade companies
in the Middle East to comply?
The first thing I would use is the threat
landscape because it’s the one that
resonates with boards, and particularly
CFOs. The fines are 4% of global
turnover or 100,000 Euros for an SME.
If you are processing any European
data you are already liable. Under
the old legislation if you were data
controller what the data processing was
doing was not your problem – it is under
GDPR whether you like it or not. If you
are relying on European data you are
already involved. To be unsighted on this
I would say is a risk you can’t take.
Number two. In order to meet this
regulation, to prove what is quite
an onerous audit requirement, you
actually have to take an IoT approach.
IoT only works on cloud, you can’t do
it any other way so you would take
a cloud first approach, you would
implement the requirements of the
regulation – that’s the beginnings of
your IoT leverage. The opportunities
are the two times to 60 times multiplier
– would you turn that down?
So I would say focus on the threat
landscape – as a CIO your job probably
depends on it – but I would focus on
the fact it is an opportunity to create a
technical landscape that is IoT driven and
then the leverage from that is beyond.
How would people
demonstrate compliance?
I don’t believe you can do this piece
of work without technology, it’s a
technical lever you are going to pull
and one of the core components
we have is a compliance engine to
know whether you are compliant or
not but then that has to be surfaced
to an auditor by an analytic service
so it’s a cloud stack that is purpose
built in order to meet the 12 areas of
compliance that needs technology.
Can you explain what RegTech is?
RegTech is technology specifically
built to demonstrate compliance to
regulatory or legislative change. The
technology design considers what will
be required for auditors to be satisfied
that compliance has been achieved.
www.intelligentcio.com
The existing software in Europe is
focused on a transaction – this is about
personal data so a transaction does
not cut it. How do you respond to an
auditor who walks through the door
saying ‘we believe you have a data
breach and we want to see what you’re
doing’? You’ve got to be able to put this
together from a people point of view.
When you look at the audit requirement
a European citizen can disagree with
what you are doing with their data and
want it changed. So now you have to
know from cradle to grave everything
that has happened to that data for
that citizen and you have to know it for
365 days a year, seven days a week, 24
hours a day – that is a real problem.
It’s mandated from May 25 2018 but
what I say to CXOs is ‘this is a 20 year
proposition’, this is not a day this is