Home / Opinion / One year on from GDPR: “I’m not sure we’re any safer now than before”

One year on from GDPR: “I’m not sure we’re any safer now than before”

The General Data Protection Regulations (GDPR) came into force on May 25th, 2018. A year later, what has been its impact and has our data become more secure as a result? Colin Tankard, managing director of data security company Digital Pathways takes a look…

I’m not sure we are any safer now than before. This time last year, companies were in a frenzy, rushing to get all the relevant documentation in order so that their policies and statements, required by the new legislation, were in place.

All of us, I’m sure, were bombarded with opt in requests, allowing businesses to continue to send us marketing information etc. However, whilst tidying up these processes can be seen as a positive step, it feels to me, as if it was purely a tick box exercise. Little seems to have been done to actually protect data, which is born out by the number of public breach declarations we have seen. If the data had been adequately secured, by the use of encryption, such breaches would not have been required to become public; a notification to the ICO would have been all that was needed to be done.

As a result of GDPR, the number of Subject Access Requests (SARs) has dramatically risen. Many organisations are struggling to know exactly where their PII data is or, how it is stored and protected. Whilst there are systems to deal with this, companies don’t seem to have signed up to them.

Cloud storage may also present a problem. Whilst players such as Microsoft and Google tell us they are GDPR compliant, I wonder how any company, using these services, can say that they are compliant in event of any breach, as there are few tools which allow the analysing of logs, in order to trace how the breach occurred.

Whilst most companies have indeed tightened their policies, in order to comply with the GDPR, it is my feeling that few have considered how they will enforce these policies or, have put in place technology to enable the easy compliance with data requests going forward.

I would say there is still much to do.

Colin Tankard, managing director of data security company Digital Pathways.

Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.

Check Also

Evolving mobile device management strategies

Dom Hume, VP of Product and Technical Services at Becrypt, outlines four themes that are …