GDPR: light amid the gloom
5 May 2017 | 0
In the first TechFire on the General Data Protection Regulation, an important concept was discussed, that of data minimisation.
The idea is that by limiting the data collected only to that which is absolutely necessary, organisations can reduce their risk exposure. By the same token, looking at existing data to see what can be safely discarded will further reduce risk exposure. If you don’t have it, you don’t have to protect it, or explain what you are doing with it.
But exploring the issues further, staff need to understand how such minimisation principles would apply to their work and the processes they develop and implement in data collection.
Chris Butler, principal consultant, Cyber Resilience and Security, Sungard AS, will talk about why effective governance and programme management are key to successful GDPR implementation; the likely impact of the most significant changes that GDPR will bring; and how a focus on awareness, development and training of people is as important as trying to find tools to automate and support GDPR compliance.
In many compliance efforts, there can be an over-focus on tools and technologies, leaving people behind. The extent and reach of GDPR will require a greater effort to educate people on how data gathering, storage and governance needs to change, emphasising more than ever, the ‘people’ element of the ‘people, process and technology’ mantra.
John Thompson, Ireland Regional Manager, Avnet Client Solutions, will talk about what the regulation means for data warehousing, business intelligence and analytics environments. He will discuss what types of data and process are impacted, what actions are required and what changes in process and architecture are advisable.
At this critical time for Irish organisations, the focus is on the practicalities of compliance, with an eye to the May 2018 deadline. With so many organisations looking for advice, resources and expertise, concerns have been expressed for those who leave implementation too late.
Speaking to TechPro magazine, Peter O’Connor, Asystec, said “An important point to make is that many organisations have left these essential tasks a bit late. Reviewing data and access permissions and progressing to a ‘least privileged’ state can take several months. We have known it take a full year.”
However, there are some sentiments of comfort too.
“I would emphasise,” said Jason Burns, IBM, “that organisations can implement GDPR with a minimum amount of tech. It is about policies and processes and care of people’s information. It is a cultural shift—governance is good, data protection is not a burden.”
To get up to speed on these and other issues around the regulation, the second TechFire on GDPR takes place on Thursday 11 May at Croke Park, Dublin.
The event is free but registration is required.
With advice on the practicalities of implementation and an end user experience interview with Tom Hulton, Corporate Compliance Manager, An Post, the event will help to inform decision making around this most important of regulations.