GDPR at 3: Business and privacy in the age of remote working

Ahead of the upcoming three-year anniversary of GDPR in May, Typetec’s Ken Tormey underscores the importance of compliance and preserving privacy in a time of wide-scale remote working.

For the wider enterprise community, 2020 was one of the most turbulent and disruptive years in living memory. In addition to the blanket of uncertainty brought on by the pandemic, enterprises had to grapple with a rapidly evolving regulatory landscape and challenging market conditions.

The compound effect has seen the data privacy agenda being thrust into sharp focus, not least due to the pandemic-driven shift towards wide-scale remote working.


Alongside this workplace shift, GDPR constraints underscored the importance of enterprise vigilance when it comes to the management of data moving forward.

The upcoming three-year anniversary of GDPR in May provides another impetus for enterprises to develop robust compliance strategies, which can be boosted by the proliferation of much-needed cybersecurity solutions.

With the protection of internal data assets now sitting firmly atop the list of enterprise priorities, digital transformation efforts, particularly around data security, are being fast-tracked. 

Ensure regulatory compliance at all costs

According to PwC’s CEO 2021 survey, 90pc of Irish business leaders are worried about cyberthreats, up from 78pc last year. The survey was carried out among more than 5,000 CEOs from around the world, including 153 in Ireland.

This sense of trepidation is not unfounded, with GDPR fines up 39pc year-on-year. Following last year’s reports of resource constraints undercutting enforcement efforts, the deferral of noncompliance fines, and question marks over the rigour of implementation, the GDPR narrative has changed significantly.

As we approach the framework’s three-year anniversary, the GDPR warning couldn’t be more pronounced: companies can incur fines of up to €20m, or the equivalent of 4pc of their global annual revenue, if the breaches infringe on the basic principles for processing data. Intuitively, the size of the fine hinges on the scale of the infringement, whether it was intentional or due to negligence, and crucially, what kind of preventative measures were in place.

As these fines apply to businesses of every size that collect, store, and process customer data, companies urgently need new solutions to safeguard data privacy, leaving no stone unturned on the ‘preventative measures’ front.

Striking the right balance between collaboration and security in the remote era

Depending on how prepared enterprises were for the sudden shift towards remote working in 2020, the transition may have been a cakewalk or an arduous IT effort. For some businesses, work-from-home policies had to be implemented from scratch, while for others, existing infrastructure was simply switched into high gear. Whether a slight pivot or major shift, if this transition was not managed with precision, an enterprise could be susceptible to damaging cyberattacks.

Of course, then there’s the human risk element. Under remote working arrangements, workers may have been forced to navigate uncharted IT territory, without the full suite of tools required to ensure absolute security.

According to IBM’s Cost of a Data Breach Report, human error accounted for 23% of data breaches in 2020. Is it a coincidence that this correlated with a full-time remote working schedule for large swathes of enterprises?

During these unprecedented times, the security challenges confronting employees, and businesses, are numerous. For example, without the normal levels of IT oversight, staff could easily fall victim to instances of phishing or more sophisticated attacks, which is understandable given the surprising trend of new recruits not receiving substantial cybersecurity training. 

The Irish Government’s recent announcement around the Remote Work Strategy — signalling a continuation of remote working arrangements post-pandemic — should prompt businesses to pour more resources into employee security awareness programmes, in-depth cyber security training and tailored security compliance testing.

Last year, Gartner predicted that regulatory constraints will drive over 50pc of large organisations to deploy new privacy-enabled technologies by 2025.

As remote working becomes more firmly embedded in the corporate landscape, and regulatory constraints continue to dictate the privacy agenda, it’s not unfeasible to expect a greater urgency among enterprises to go all-in on privacy-based solutions. If this forecast comes to pass, companies that don’t avail of innovative privacy solutions will be at a marked disadvantage, and could be opening the door to nefarious actors. As such, the case for enterprises to explore the latest innovations in privacy-enabled technology really stands up from a regulatory and competitive point of view.

Privacy-first approach to innovation

By leveraging state-of-the-art cybersecurity technology, enterprises can rest assured that all their interconnected critical systems are being rigorously monitored 24/7, with proactive threat identification procedures deployed to swiftly identify instances of cybercrime and to spot under-the-radar red flags.

These advanced threat mitigation capabilities will be central to helping defuse potential issues before they materialise into destructive attacks, with real-time insights helping to avert any system downtime and operational losses.

Given these high stakes, companies in this realm should prioritise the pursuit of innovative solutions to mitigate the risk of organisational disruption, reputational damage and loss of earnings associated with falling victim to cybercrime or data breaches.

With businesses across the board counting the cost of digital transformation and regulatory complacency, a robust data management and cybersecurity strategy will be needed to help businesses uphold a strong compliance culture, and drive growth in the post-pandemic era.

Ken Tormey is chief revenue officer of tech consultancy and managed services provider Typetec