Data and privacy: investing is an obligation, perhaps an advantage
January 2020
The priorities: investments not only in infrastructure, but also in the human factor
Investments will focus on areas that have been somewhat neglected so far (such as the incident management procedure, the modification of IT applications or the management of clients and suppliers), or perhaps on what are considered the priorities: infrastructures first of all, with the improvement of IT security systems and risk assessment, but also the human factor, that is, staff training and awareness on privacy management procedures. The latter is especially relevant for companies operating in sensitive sectors for data processing, for example, companies that deal with health activities, finance, but also public administration.
The growing attention to the human factor, which not surprisingly increases for those companies most exposed to the public and consumers, is also linked to the fact that this element is a greater concern than external threats when dealing with personal data. There is the perception that the awareness of employees and managers regarding risks is low, that legal competence is lacking, and that human error is frequent.
GDPR and growing breaches: is awareness growing too?
The research carried out by DNV GL takes into account the relationship between companies and privacy and information security: a relationship still under construction in Europe too, 18 months after the introduction of the European General Data Protection Regulation, even though data on violations continue to show a growing trend. The Data Breach Barometer presented at the International Cybersecurity Forum in Lille speaks of 5.7 violations notified per day in the first half of 2019, compared to 4.5 in the previous semester, and of the five most affected sectors: science and technology, commerce, finance, public administration, and reception and food/catering activities.
Beyond compliance, a driving factor for development
«Today, data protection is undoubtedly one of the most pressing areas of risk for companies, with implications that go far beyond compliance - underlines Luca Crisciotti, CEO of DNV GL Business Assurance - Regulations such as the GDPR imply the ability to satisfy legitimate client requests for the protection of personal data and may have effects on the corporate reputation or business continuity. An appropriate approach is no longer an option, but a crucial requirement». The numbers seem to offer less certainty for the moment: fewer than 40% consider privacy very important for business strategies, although the percentage increases when business developments within two years are considered, and the reasons for investing in data protection are mostly "defensive". Compliance with rules and regulations, protection of people's privacy and compliance with internal policies are the reasons that justify the investment in the professional management of personal data. In a minority of cases (28%) the reason is that data protection is seen as a potential driver for the development of their business.
The latest research carried out by DNV GL, an international certification body as stated in this article, identifies data protection as one of the main areas in which to invest, regardless of the size of the companies, whether they are small, medium or large. The law now imposes it, but many companies seem confused by the numerous offers of the digital world and sometimes even overwhelmed by the performance anxiety that Digital Transformation suggests and/or now imposes.
Another point that emerged from the research is the human factor, described in two frequent behaviours: low awareness of the importance of data protection across company roles (from managers to employees), and human error, which still exposes small and large companies to cyber threats through mere individual distraction. So let's try to simplify and recommend a path that starts from human data and errors. Indeed, it is also up to the providers in the sector to accompany companies in this digital transformation. The goal is twofold: to help set priorities among the solutions to be evaluated and invested in first, and to close the digital divide, which otherwise risks widening and leaving many companies at a standstill.
Whether you are small or large doesn't matter: data must be protected from hacks and breaches, kept under control and kept intact. Primarily data must be protected, but it must also be consulted, edited, exchanged and checked when needed, and with extreme ease. There are advanced, secure, simple and economically undemanding solutions to protect data. Data protection can really become a first step to take, as it is a solution that will need to be adopted anyway, whether a company is heading towards a complete digital transformation or not. And this is when a provider such as Multipartner, which provides highly secure and customized virtual data rooms and workspaces compliant with the GDPR, can come into play. The solutions offered are many because there can be many applications in different sectors: from a platform compliant with stock exchange listing requirements to a simple, highly secure workspace for managing projects and/or corporate data. The solutions developed are in fact modular, so they can be configured according to the client's business as well as the economic investment required.