EDITOR’S COMMENT
GDPR compliance will
boost value of data
Arun Khehar at Oracle explains why the upcoming
General Data Protection Regulation will boost
enterprises to recognise the value of their data.
D
ata is an increasingly valuable
asset, and those businesses best
set up to extract maximum value
from the data they collect and create
are in a very strong position to succeed.
But there are still significant hurdles to
overcome, not least related to compliance
and security.
In May 2018 the introduction of the
EU’s General Data Protection Regulation
will be the latest high-profile example
of new regulation imposed on the way
organisations handle and use data,
specifically consumer data. And while it is
an EU regulation, its impact will be felt by
any organisation doing business in the EU.
With companies who do not comply
with General Data Protection Regulation
facing tough financial penalties of up to
4% of their global turnover, it would be
easy to assume all have rallied to ensure
compliance. However, Gartner has
predicted that 50% of companies will miss
the General Data Protection Regulation
deadline significantly.
Of course, while complying with the
letter of specific laws can be a painstaking
process, the wider need to continually
review, refine and improve on existing
compliance and security measures should
be hard-wired into the ways of working
of every business that handles valuable
data. It should not take new regulations to
make a company assess whether it is doing
enough to protect its data.
So how do businesses approach
the task? At the heart of General Data
Protection Regulation is a clear focus on
assessment, prevention and detection
and those are useful, albeit high-level
14
starting points for every business seeking
to protect its data and treat it with respect
and responsibility.
Assess: Assessment is crucial. A lot of
organisations have grown in a piecemeal
fashion, with lines of business working
in isolation and introducing their own
applications and processes.
Similarly, some employees may,
over time, circumvent rules and policies
in ways that make sense to them, but
which undermine data protection and
compliance. Organisations need to have an
accurate picture of the problems they face
before they can fix them.
Prevent: Once organisations know
where their data resides and how it is used,
they need to be able to set and enforce
rules and implement robust defenses
that prevent unauthorised actions. This
includes protecting against threats inside
and outside the organisation, whether
accidental or malicious. The next step
is taking measures to prevent anybody
outside the organisation, or anybody
without privileged access, from using
sensitive data.
Encryption is one highly effective tool
to accomplish this, as are tokenisation,
data masking, anonymisation and robust
access controls. Businesses should also
review the data they use to understand
what controls are best suited to each
circumstance. For example, anonymising
customer data may have little impact its
usefulness for analysing sales trends but
does dramatically reduce the sensitivity of
that data.
Detect: Vigilance is a vital part of
compliance and security best practices.
Arun Khehar, Senior Vice President for
Applications Business, ECEMEA, Oracle.
Automation can play a significant role
in identifying anomalous behaviour and
implementing defensive measures, based
on established threat criteria. Systems
need to be able to make smart assessments
of who is accessing information, as well as
when and why, and base responses on pre-
agreed threat criteria, such as locking out
a user before they are able to access, move
or use sensitive data.
Deadlines such as General Data
Protection Regulation do a good job of
focusing the mind, but while regulations
may seem onerous, businesses should
not wait for regulatory encouragement
to treat their data as precious. As a sign
of their ambition to succeed in a data-
driven economy, where knowledge is most
definitely power, businesses should love
their data enough to want to protect it at
all costs.
If they do, they will have the confidence
and capability to really explore the full
value of their data. Because compliance is
the starting point for digital success, not
an end in its own right. In a data-driven
economy, compliance is a necessity, but it
is not a differentiator. How businesses use
their data to unlock valuable insights and
design new businesses models and better
tailor services to their customers will be
what sets them apart and what makes
them love their data even more.
Issue 14
INTELLIGENT TECH CHANNELS