How are businesses navigating our ever-evolving data and cybersecurity landscape?
Businesses across Europe were scrambling to become GDPR compliant as the General Data Protection Regulation (GDPR) deadline approached on May 25th last year.
While transparency and compliance were the buzzwords of the moment just over twelve months ago – there wasn’t nearly enough emphasis on the security measures businesses needed to put in place to sufficiently protect customer data.
Instead the focus was primarily on whether consumers would ‘opt out’ of sharing their Personally Identifiable Information (PII) with brands. This, of course, is an essential strand of GDPR. Nevertheless, many companies underestimated just how challenging it would be to protect consumers’ data.
One year on and numerous data breaches and leaks later, consumers are losing trust in data owners. The question has shifted from “why do brands need my data?” to “will you look after my data if I share it with you?”
So, what have businesses learnt and how can they better navigate data regulation and website security in the year ahead?
Data owners that aren’t compliant pay the price
Big fines for well-known businesses hit the headlines soon after GDPR came into effect. One of the biggest fines of the year went to Facebook at $1.6billion for breaching the data of nearly 50 million users.
However, it’s costing businesses a great deal more than just fines. The disruption of a breach has a significant impact on an organisation – from revenue loss to system downtime, as well as legal implications. The most critical consequence, however, is that it damages customer trust and can destroy brand reputation.
Businesses must be accountable in order to succeed
There’s no denying that the majority of organisations have made efforts to develop a more robust approach to data privacy. Crucially, businesses are taking steps to be more accountable and transparent when it comes to data – from why they need it, to how it is stored.
Take Apple for example. The brand introduced a tracking prevention system for Safari called Intelligent Tracking Prevention 2. ITP 2.0 blocks all tracking cookies unless they use a subdomain of the site’s primary domain. The organisation also implemented a new consent system for cookie tracking, establishing that control and transparency are key components in nourishing good customer trust.
Yet, this isn’t the case across all organisations. Recent research from nCipher Security found 71 per cent of UK C-suite professionals are willing to cover up a data breach if they could escape fines. What’s more, our new research reveals that only 34.5 per cent of executives say they’ve fully implemented policies related to client-side website security of customer data. This isn’t acceptable in today’s data economy and businesses that aren’t transparent or taking cybersecurity seriously will lose industry confidence and consumer trust.
Data governance is acting as an impetus for businesses
For some businesses, GDPR was a revelation, opening eyes to the scale of risk that cybersecurity presents. It also shone a light on the need for consistent and constant data governance.
Governance frameworks are helping businesses to implement new processes in a manner that ensures they can be upheld. They are enabling organisations to deeper examine their security and privacy protocol - ultimately improving their practices and making sure all their stakeholders better understand them.
Businesses must keep cybersecurity front of mind
While many things have changed over the past year and the data privacy landscape has improved as a result of GDPR, businesses are still at risk of exposing customer data.
Hackers will always look to exploit customers’ data – organisations are in a constant battle to protect against new hackers and evolving threats. This means that businesses need to constantly - and in some cases, start to review the security of customer data touch points where they could be most vulnerable, such as their websites. Businesses can only put preventative cybersecurity measures in place once they identify and understand where possible security risks are.
GDPR has signalled a new defence principle. But, GDPR compliance alone will not prevent a data breach or leak. Data owners must stay alert and employ a holistic cybersecurity strategy to protect their customers’ data and prevent the negative long-term implications that stretch beyond ICO fines and GDPR.