On May 25, 2022, NetSPI Managing Director, Steve Bakewell, was featured in an article in Enterprise Security Tech called Experts Share How Far We’ve Come and What We’re Still Missing. Preview the article below, or read the full article online.
May 25 marks four years since the introduction of GDPR, a law that completely transformed how organizations collect, store and protect user data. We heard from cybersecurity and privacy experts on how GDPR impacted the industry and their current thoughts on the law today and how it might impact the future.
Steve Bakewell, Managing Director EMEA, NetSPI
“On the fourth anniversary of the GDPR, it’s fair to say the legislation has impacted both consumers and companies alike. Consumers are more aware of the value of their personal data and how companies collect and use it, which is increasingly informing the choices they make as well as the brands and services they trust. Data breach notification rules have increased transparency and cookie warnings are everywhere, yet remain inconsistent. This lack of consistency is being addressed by the EU within its wider ePR (ePrivacy Regulation) update, which serves as an example that regulations tend to change over time.
Companies have done a lot of work to bring their systems and processes inline with the GDPR, but it is a continuous exercise. In the same way regulations change, so does technology. For example, the increasing uptake in cloud services has resulted in more data, including personal data, being collected, stored and processed in the cloud.
Moving forward, companies should be confident they have mapped out the data lifecycle for the organisation, including what it is, where it is, how it is collected, stored, processed and deleted. Understand and implement both privacy and security requirements in systems handling the data, then test accordingly across all systems, on-prem, cloud, operational technology, and even physical, to validate controls are effective and risks are correctly managed.”
Read the full article online.