In 2016 we asked – What is GDPR and why should South Africans care?
The European Union’s General Data Protection Regulation (GDPR) came into effect in May 2018.
Earlier this year, Liberty Life became one of the first global firms to suffer a major breach under GDPR – forcing the CEO onto television to limit the reputational damage.
More recently, British Airways announced that nearly 400,000 customers had had their credit card details stolen due to a sophisticated attack against their online booking platform.
Imagine the impact of having to cancel your credit card whilst travelling internationally – as happened to a friend of mine in this case.
Would you be happy with the service provider?
Privacy and ethics a major trend for 2019
GDPR applies to any organisation holding the data of European citizens and therefore has worldwide applicability. It is one of the reasons that Gartner has identified data privacy and ethics as one of the top technology trends for 2019.
South African firms must also comply with PoPIA – the South African Protection of Personal Information Act – which shares many characteristics with GDPR but extends to protect the personal data of any South African legal entity.
And those of us who do business elsewhere in Africa are finding that many of our fellow African countries have their own variations of data protection regulations that must be supported.
The creepiness factor
Privacy is not simply a compliance / legal problem. Companies like Target have experienced consumer backlash based on overzealous use of analytics outcomes and data breaches – long before GDPR, while Liberty’s share price lost 5% almost overnight following their breach.
Consumers are becoming increasingly militant about how their data is used, and protected, and are willing to vote with their feet by moving to service providers that seem to take their needs and rights more seriously. Companies need to define their ethical position with respect to the use of data and ensure that this position is reflected in their policies.
Who is responsible?
The complexity of data management in modern businesses is tremendous.
It is tempting to assume that data privacy and protection is a legal problem – assigning it to the Compliance team, or appointing a Chief Information Security Officer (CISO) and making data privacy his problem.
Yet the reality is that data privacy is an all-encompassing challenge that goes well beyond the legal and security implications.
Everybody who works with data is responsible for data privacy – with ultimate accountability lying with the board.
Companies need to have clearly defined data policies, assign clear accountability (ownership) and ensure that they understand where personal data is stored, what it is being used for, and whether this is in line with the acceptable use policy.
ITWeb GDPR Update
Join us at ITWeb’s 2018 GDPR Update to understand how data privacy affects you – and for practical and sustainable approaches to solving these problems.