Data legislation won’t stop with GDPR

The General Data Protection Regulation (GDPR), the widest ranging European data regulation to date, comes into effect in May. Critics have labelled it a tax on the digital economy. Whichever way it is viewed, it won’t be the last piece data protection legislation with teeth that businesses will face. 

The tension between what information is being collated and the need to protect it is growing. The most secure way to protect data is to lock it away in a safe and never access it. But that would make it unusable. This predicament, however, is creating a “push-me, pull-you” effect, according to Peter Gee, director Orange Cloud for Business.

“Increased regulation is a challenge. Data is now so valuable that increased legislation and fines can be construed as a tax, which has the potential to hobble the digital economy,” he says.

The amount of money at stake for companies that fail to meet GDPR standards is big. Up to €20 million or 4 percent of group global turnover (whichever is the greater) against both data controllers and data processors. With privacy and data protection a major issue in governance worldwide, this is the stark reality of doing business in the digital age.

of organizations worldwide are concerned that a failure to adhere to the upcoming General Data Protection Regulation (GDPR) could have a major negative impact on their business.
Source: The Veritas 2017 GDPR Report


“There is the pull where organizations see data as valuable and want to do more with it, but there is the push in regulation constraining their efforts. Organizations want to collect more data to analyze and gain insight. But regulations are saying you must control it, only use it for what you say you are and give the public the right to be forgotten. This is creating a constant battle between two grounds.”

Peter Gee, Orange Cloud for Business International

Big data is getting bigger

Data lakes are getting bigger by the day. IDC estimates that by 2025 we will be creating 180 zettabytes of data annually. This is being driven by new technologies such as the Internet of Things and connected cars. Intel, for example, estimates that an autonomous car will create 4,000 GB of data from one hour’s driving!

“This explosion in data is being driven by the ability to adopt new technologies much faster. You have to remember that this data can be very powerful – so there is a big fight going on about who owns this data and how it can be shared which needs resolving.”

Peter Gee, Orange Cloud for Business International

 Gee cites the example of the connected car. Both the manufacturer and the dealer want the car’s data to gain insight into the customer, which creates conflict. If this data is repurposed, say to an insurance company, it becomes even more valuable on quoting premiums on usage as opposed to the driver.

“Who owns this data? How can it be regulated and monetized? These are the questions enterprises are asking. There is a lot of repurposing data that can happen, but businesses don’t know which way to turn,”

Peter Gee, Orange Cloud for Business International

The Second Payment Services Directive (PSD2), which took effect at the beginning of the year across the EU, has answered some of these questions for financial institutions. Banks must give third party 'account information service providers' (AISPs) and 'payment initiation service providers' (PISPs) access to the payment account data they hold on customers, at those customers' request, to allow the businesses to provide the customers with their services. 

The idea is that it will enable development of innovative new fintech services and broaden competition in the payments market – increasing services choice and lower banking costs for customers. “The amount of data banks collect is phenomenal. Being able to use it in a productive way and share it with others like this is very powerful. It turns them from banks into information businesses,” explains Gee.

You are not going to stop the data legislation train

Data legislation is not going to stop with GDPR. There is a lot more legislation to come, particularly in the wake of the Facebook and Cambridge Analytica scandal, as we all become more concerned about where our information is stored and how it is being used.

“The proliferation of our data is huge,” says Gee. “In order to police and govern that data and make users confident that the digital world is a safe place to be, regulation can only increase.”
The biggest step organizations can take in protecting themselves is it to get their data Under control. “Business needs to be honest with itself and look to see where the data lakes are
leaking,” says Gee. “Look to technology to search that dark data. Be confident in the fact that you know exactly where the data is, what it is doing and why.”

Shockingly, 32 percent of respondents to the Veritas GDPR report 2017 said they were fearful
that their current technology stack was incapable of managing their data effectively, which
could hinder their ability to search, discover and review data.

Wrestling back control means going back to basics; looking at back-up and recovery, the very
cornerstones of any IT infrastructure. “The big message we are taking to market is
standardization and it is starting to resonate,” explains Gee. “With so many disparate systems
and data pools, business needs to standardize backup and recovery. When the data pools are
backed up, managed and secure, enterprises can move up a level and move data around.”

Big data diet

The key learning is that legislation can’t be avoided, but it can be turned into a positive. By getting data under control and being selective about what data is retained and what can be jettisoned, enterprises can make big savings on storage, work within the law and dramatically reduce risk exposure.

“The data economy is here and it’s the new currency,” concludes Gee. “By getting back to basics, enterprises have a fighting chance of doing something really useful with their data.”

Read more about how your organization can get data fit, and read our whitepaper on the GDPR essentials.
Jan Howells

Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.