Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

DELPHIX EXPOSES CHALLENGES POSED BY GDPR AND THE ECONOMIC NEED FOR ENHANCED DATA PROTECTION

DELPHIX EXPOSES CHALLENGES POSED BY GDPR AND THE ECONOMIC NEED FOR ENHANCED DATA PROTECTION

GDPR challenges all organisations to mask EU data by default

Delphix, the market leader in data virtualisation, has issued a strong warning for organisations to re-architect operations and adopt a secure, data-first approach ahead of the introduction of the European General Data Protection Regulation (GDPR). The approval of the GDPR means businesses that store or process European data will be forced to build data protection into system design and infrastructure, or risk fines of up to 4 per cent of global turnover. In particular, organisations need to closely examine the security of non-production data that is used to develop and test systems. Independent research has highlighted that up to 90 per cent of non-production data currently sits unmasked within organisations, posing a significant security and compliance risk.

“The GDPR introduces a punitive structure, similar to the measures introduced to prevent price fixing in competition laws, that puts the risk of non-compliance into sharp focus,” said Iain Chidgey, vice president, international sales, Delphix. “In the last few years, we’ve seen blue-chip companies pay hundreds of millions in fines for price-fixing scandals and it’s even forced non-compliant firms into administration. The GDPR risks having the same effect, so companies must have a complete view of their data, treating non-production data with the same security profile as live data.”

The GDPR requires enhanced data security measures to ensure compliance, in particular referencing the use of “pseudonymisation.” This is the process of masking confidential data in such a way that it can no longer be attributed to an individual – protecting the data should it ever fall into the wrong hands.

The GDPR also incentivises data masking at several different points:

  • In the event of a data breach: If the compromised data presents a low risk to the individuals involved (for example, as a result of data masking), then data breach notifications to regulators and affected individuals may not be required.  If not, organisations need to notify within 72 hours, a very tight timescale in the event of a serious breach
  • In the event of data disclosure requests: If organisations can demonstrate that individuals cannot be identified from masked data they hold without additional information, then they may be exempted from requirements to supply data in response to a data access request or to erase data on request
  • In support of data profiling: If businesses use pseudonymised data, this will significantly reduce any privacy impact on the individual. This in turns means explicit consent requirements under the GDPR for automated decision making and profiling are unlikely to apply

“The volume of data copies that are sprawled across non-production environments will require technology that can efficiently protect all data, not only those bits of information that are the most sensitive,” continued Chidgey. “To meet future requirements for data protection, the first step will be understanding where all the data sits in IT environments. The second step will be embracing a new wave of IT innovation to support compliance and reduce the risk of a data breach but without slowing down projects. Combining data masking with data virtualisation is one way organisations can scale up to the security levels that the GDPR requires, ensure compliance and distribute data quickly to accelerate critical business initiatives.”

“The GDPR introduces a carrot and stick approach to promoting data masking. At several points throughout its text, it encourages businesses to adopt pseudonymisation technologies, either as part of good information management or by reducing regulatory burdens in the event of unforeseen events, like security incidents. Contrasted against that, companies that are not in compliance with the GDPR face regulators waving a very big stick – potential fines of up to four per cent of annual worldwide turnover. That’s a very big incentive to do things right,” concluded Phil Lee, a partner in the Privacy, Security and Information team at international law firm Fieldfisher,

Lee breaks down the legal jargon around GDPR pseudonymisation in a new paper here.

Read the blog post by Jes Breslaw, Delphix EMEA director of strategy, for additional background on the impact GDPR will have to customers.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post