By Bernd Beimdick, CTO, mozaiq
Since May 25th, companies are bracing themselves for the introduction of GDPR and with good reason. The law dictates that companies must disclose personal data breaches to regulators within 72 hours of becoming aware of the breach. Failure to do so will incur heavy penalties of either 20 million Euros or 4 per cent of global turnover. For small businesses this could be potentially crippling, but for larger businesses it still represents a good chunk of their revenue. But ultimately, GDPR is good for all businesses.
First, if one good thing can come from the introduction of GDPR, it is that it has forced disparate business units from the same business to sit together and consider the importance of data protection with the customer front of mind. What service does the business offer, who is the service for, what is the goal and, ultimately, what is the potential risk? Thinking about the worst-case scenario should something go wrong is ultimately more useful for the customer. It’s good for companies to remember that they are producing services to serve people – and not to produce processes.
The second advantage is that it forces companies to look at their business and their security practices as a whole. This gives everyone a chance to rethink how the business is organised and whether the current way of working is the most effective one. There is a risk of security teams acting in a silo and this is precisely what leads to breaches.
The risk also increases the more touch points you have within your business. Breaches could come just as easily from service providers or suppliers with a lower standard of security as from an employee who is not conscious of the potential dangers. GDPR has therefore invited companies to rethink their business and security practices holistically, addressing all security processes and thinking horizontally. Particularly for smaller businesses, for whom one GDPR violation could be fatal, it has forced a way of thinking about cybersecurity that will only help them in the long run.
GDPR will involve the c-suite in the security process from scratch
Yes, the GDPR will involve the C-suite in the security process from the very beginning. Their involvement will increase pressure on the security experts within the business to take action. The C-suite will be the ones to educate and generate understanding within every department of the company and remove the silos that could prevent good cybersecurity practice.
Ultimately, GDPR will contribute to a stronger and more flexible business ecosystem. Particularly for a business such as ours, which works with IoT solutions providers from across Europe, GDPR has further encouraged closer collaboration with our business partners. Considering the amount of data that passes between companies during such transactions, this increased scrutiny of each other can only help to serve our business as a whole as we work to tighten cybersecurity practices.
GDPR is not just a case of more security and more process for its own sake
GDPR forces us to communicate. It forces us to innovate and tighten our practices to make the services we provide and the data collected as a result as bulletproof as possible. Then we can truly deliver on what the IoT industry has promised: instant and seamless communication between devices for the benefit of the consumer. The introduction of GDPR is actually an opportunity for companies to ensure that their business models are sustainable, ultimately encouraging them to work in a safe and efficient manner, while respecting the privacy of the individual. So while it may be a headache now, ultimately the introduction of GDPR will be good for businesses and their customers.