How CSOs can overcome post-Brexit data protection challenges
Brexit has been chomping at the tails of data-driven businesses for long enough – but are they truly prepared for life on the other side? The deal on the future trading relationship between the UK and EU was reached on Christmas Eve, and was largely welcomed in the hope that it would provide greater transparency, trust and confidence in the Digital Sector. But the reality is that much confusion is still afoot.
The EU’s recent decision to allow data flows to the UK will have come as a relief to many. However, leaders must not rest on their laurels where data protection and management are concerned. While today the UK continues to retain the GDPR principles, Brexit means that these could be replaced with something completely different over time – if the UK chooses. As such, Cyber Security Officers (CSOs) on both shores of the English Channel must keep their eyes fixed tirelessly on the changes, and potential challenges, that lie ahead.
While ready to rise to a new era in data management, they can’t navigate it alone. Those that work collaboratively with legal and policy will conquer even during mass uncertainty.
Preparation starts with education. We must understand that the UK’s position is not anomalous but rather the same as other countries outside of the EU. And there are a few key implications that come with this. For example, while the GDPR still applies, the way in which UK businesses interact with European data protection authorities has changed. The bottom line is that businesses are being forced to rethink protections around the transferring of data from both sides of the fence.
By virtue of leaving the EU, the UK has added another layer of complexity to the environment, leading to greater infrastructure complexity. Leading the way will require combining the power of three essential knowledge sets: security, data and legal.
Cushioning uncertainty with agility
Perhaps the hardest part of these preparations is the general level of uncertainty. For example, while Brussels’ decision means the UK continues to retain the GDPR principles, it could at some point choose to replace the UK GDPR with something completely different. This would require much more radical changes from European businesses and regulators alike.
Meanwhile, as the UK gets to grips with its new position in the data jurisdiction, it is likely that it will over time create new governing bodies, policies and regulations – and businesses will have to keep up with any changes. It could be that a rethink around relationships and communication is in order when it comes to reporting, for example.
The real challenge that CSOs face is knowing how to build a ‘future-ready’ digital infrastructure, one that complies with current laws but is agile enough to be adapted to future laws. The key is letting customer needs dictate your choice of technology rather than the law in play.
Take data protection, for example. Not having put in place the necessary controls to identify, track and anonymise data is a serious matter, but not just because the law says so. Successful brands are those that respect their customers. They not only control and protect their customers' personal data to avoid fines but understand that privacy is a game changer when it comes to a successful customer experience.
For this, these brands will likely over-index on technologies including cloud and ML-aided automation. Not only can these technologies enable a single view of all their data sources, databases, and applications, but they also help to manage control and consent. What’s more, these technologies can also ensure the processing of structured and unstructured data, both historical and real-time, so brands can better predict attacks and respond as they happen.
Learning the lay of the land collaboratively
Just as the introduction of GDPR brought stakeholders across businesses together to ensure compliance, creating more dynamic, data-driven businesses, Brexit can be seen as a similar opportunity. Slicing through the uncertainty with a collaborative, multi-faceted approach will ensure businesses are covered from every angle.
This is when collaboration with the legal and policy leaders is critical. As our regulatory landscape continues to evolve, working very closely with policy and legal to make the right decisions from a holistic viewpoint is absolutely critical.
Security, supply chain, and risk management are all hot topics as CSOs look to understand precisely what the partners with whom they share their data do with it, because ultimately, they are responsible for this. Spending more time with privacy specialists is going to be essential when it comes to getting this right. As the old saying goes, a problem shared is a problem halved.
The truth is, it is not possible to eliminate all threats and keep the business running, nor create the perfect digital infrastructure. Rather, the emphasis should be on being prepared for every eventuality and poised to adapt.
As we look ahead post-Brexit, being prepared means organising on a business, national and regional level, positioning to protect organisations, employees and citizens. Managing complexities effectively will better prepare businesses to find the root cause of an incident or attack when it happens. Speed and agility continue to be business critical.
By Anne Hardy, CISO, Talend