How CSOs can overcome post-Brexit data protection challenges
Brexit has been chomping at the tails of data-driven businesses for long enough – but are they truly prepared for life on the other side? The deal on the future trading relationship between the UK and EU was reached on Christmas Eve, and was largely welcomed in the hope that it would provide greater transparency, trust and confidence in the Digital Sector. But the reality is that much confusion is still afoot.
The EU’s recent decision to allow data flows to the UK will have come as a relief to many, however, leaders must not rest on their laurels where data protection and management is concerned. While today the UK continues to retain the GDPR principles, Brexit means that these could be replaced with something completely different over time – if the UK chooses. As such, Cyber Security Officers (CSOs) on both shores of the English Channel must keep their eyes fixed tirelessly on the changes, and potential challenges, that lay ahead.
While ready to rise to a new era in data management, they can’t navigate it alone. Those that work collaboratively with legal and policy will conquer even during mass uncertainty.
Preparation starts with education. We must understand that the UK’s position is not anomalous but rather the same as other countries outside of the EU. And there are a few key implications that come with this. For example, while the GDPR still applies, the way in which UK businesses interact with European data protection authorities has changed. The bottom line is that businesses are being forced to rethink protections around the transferring of data from both sides of the fence.
By virtue of leaving the EU, the UK has added another layer of complexity to the environment, leading to greater infrastructure complexity. This will require combining the power of three essential knowledge sets including security, data and legal to lead the way.
Cushioning uncertainty with agility
Perhaps the hardest part of these preparations is the general level of uncertainty. For example, while Brussel’s decision means the UK continues to retain the GDPR principles, it could at some point choose to replace the UK GDPR with something completely different. This would require much more radical changes from European businesses and regulators alike.
Meanwhile, as the UK gets to grips with its new position in the data jurisdiction, it is likely that it will over time create new governing bodies, policies and regulations – and businesses will have to keep up with any changes. It could be that a rethink around relationships and communication is in order when it comes to reporting, for example.
The real challenge that CSOs face is knowing how to build a ‘future-ready’ digital infrastructure, one that complies with current laws but is agile enough to be adapted with future laws. The key is letting customer needs dictate your choice of technology rather than the law in play.
Take data protection, for example, not having put in place the necessary controls to identify, track and anonymise data is a serious matter. But not just because the law says so. Successful brands are those that respect their customers. They not only control and protect their customers' personal data to avoid fines but understand that privacy is a game changer when it comes to a successful customer experience.
For this, these brands will likely over index on technologies including cloud and ML-aided automation. Not only can these technologies enable a single view of all their data sources, databases, and applications but help to manage control and consent. What’s more, these technologies can also ensure the processing of structured and unstructured data, both historical and real-time, so brands can better predict attacks and respond as they happen.
Learning the lay of the land collaboratively
Just as the introduction of GDPR brought stakeholders across businesses together to ensure complicity, creating more dynamic, data-driven businesses – Brexit can be seen as a similar opportunity. Slicing through the uncertainty with a collaborative, multi-faceted approach will ensure businesses are covered from every angle.
This is when collaboration with the legal and policy leaders is critical. As our regulatory landscape continues to evolve, working very closely with policy and legal to make the right decisions from a holistic viewpoint is absolutely critical.
Security, supply chain, and risk management are all hot topics as they look to understand precisely what the partners with whom they share their data do with it – because ultimately, they are responsible for this. Spending more time with privacy specialists is going to be essential when it comes to getting this right. As the old saying goes, a problem shared is a problem halved.
The truth is, it is not possible to eliminate all threats and keep the business running, nor create the perfect digital infrastructure. Rather, the emphasis should be on being prepared for every eventuality and poised to adapt.
As we look ahead post-Brexit, being prepared means organising on a business, national and regional level, positioning to protect organisations, employees and citizens. Managing complexities effectively will better prepare businesses to find the root cause of an incident or attack when it happens. Speed and agility continue to be business critical.
By Anne Hardy, CISO, Talend
SAS: Improving the British Army’s decision making with data
SAS’ long-standing relationship with the British Army is built on mutual respect and grounded by a reciprocal understanding of each others’ capabilities, strengths, and weaknesses. Roderick Crawford, VP and Country GM for SAS UKI, states that the company’s thorough grasp of the defence sector makes it an ideal partner for the Army as it undergoes its own digital transformation.
“Major General Jon Cole told us that he wanted to enable better, faster decision-making in order to improve operational efficiency,” he explains. Therefore, SAS’ task was to help the British Army realise the “significant potential” of data through the use of artificial intelligence (AI) to automate tasks and conduct complex analysis.
In 2020, the Army invested in the SAS ‘Viya platform’ as an overture to embarking on its new digital roadmap. The goal was to deliver a new way of working that enabled agility, flexibility, faster deployment, and reduced risk and cost: “SAS put a commercial framework in place to free the Army of limits in terms of their access to our tech capabilities.”
Doing so was important not just in terms of facilitating faster innovation but also, in Crawford’s words, to “connect the unconnected.” This means structuring data in a simultaneously secure and accessible manner for all skill levels, from analysts to data engineers and military commanders. The result is that analytics and decision-making that drives innovation and increases collaboration.
Crawford also highlights the importance of the SAS platform’s open nature, “General Cole was very clear that the Army wanted a way to work with other data and analytics tools such as Python. We allow them to do that, but with improved governance and faster delivery capabilities.”
SAS realises that collaboration is at the heart of a strong partnership and has been closely developing a long-term roadmap with the Army. “Although we're separate organisations, we come together to work effectively as one,” says Crawford. “Companies usually find it very easy to partner with SAS because we're a very open, honest, and people-based business by nature.”
With digital technology itself changing with great regularity, it’s safe to imagine that SAS’ own relationship with the Army will become even closer and more diverse. As SAS assists it in enhancing its operational readiness and providing its commanders with a secure view of key data points, Crawford is certain that the company will have a continually valuable role to play.
“As warfare moves into what we might call ‘the grey-zone’, the need to understand, decide, and act on complex information streams and diverse sources has never been more important. AI, computer vision and natural language processing are technologies that we hope to exploit over the next three to five years in conjunction with the Army.”
Fundamentally, data analytics is a tool for gaining valuable insights and expediting the delivery of outcomes. The goal of the two parties’ partnership, concludes Crawford, will be to reach the point where both access to data and decision-making can be performed qualitatively and in real-time.
“SAS is absolutely delighted to have this relationship with the British Army, and across the MOD. It’s a great privilege to be part of the armed forces covenant.”