VMblog: 4 Years of GDPR: Expert Commentary Shared

On May 25, 2022, NetSPI Managing Director, Steve Bakewell, was featured in an article in VMblog called 4 Years of GDPR: Expert Commentary Shared. Preview the article below, or read the full article online.

+++

Wednesday, May 25th marks the four year anniversary of the EU-wide General Data Protection Regulation (GDPR) enforcement. It comes as a timely reminder to all of us about the importance of data privacy as an increasing number of cyberattacks continue to take place. 

To commemorate the milestone during this anniversary period, a few industry experts from various companies have shared their expertise and thoughts with VMblog.

Steve Bakewell, Managing Director EMEA, NetSPI:

“On the fourth anniversary of the GDPR, it’s fair to say the legislation has impacted both consumers and companies alike. Consumers are more aware of the value of their personal data and how companies collect and use it, which is increasingly informing the choices they make as well as the brands and services they trust. Data breach notification rules have increased transparency and cookie warnings are everywhere, yet remain inconsistent. This lack of consistency is being addressed by the EU within its wider ePR (ePrivacy Regulation) update, which serves as an example that regulations tend to change over time.

Companies have done a lot of work to bring their systems and processes inline with the GDPR, but it is a continuous exercise. In the same way regulations change, so does technology. For example, the increasing uptake in cloud services has resulted in more data, including personal data, being collected, stored and processed in the cloud.

Moving forward, companies should be confident they have mapped out the data lifecycle for the organisation, including what it is, where it is, how it is collected, stored, processed and deleted. Understand and implement both privacy and security requirements in systems handling the data, then test accordingly across all systems, on-prem, cloud, operational technology, and even physical, to validate controls are effective and risks are correctly managed.”

Read the full article online.