Technology is rapidly changing the way we live, work and play. Eight billion devices a year are being brought online. As they are connected, the amount of data in existence and being created daily is truly mind-boggling.
Every day, we create 2.5 quintillion bytes of data. In almost every industry, data is being created in places it never was before. We produce so much data that 90% of the data in the world today has been created in the last two years alone. The total amount of data (at rest and in transit) in the world was 4.4 zettabytes in 2013. That is set to increase quickly to 44 zettabytes by 2020.
As we were approaching this Big Data industrial revolution, the laws governing its protection had reached a point where they were a bit like an old operating system: in need of an update, or they would have become unfit for purpose. Each country, concerned about citizens’ personal data, big data analytics and security, was attempting to come up with its own legislation to control data.
The EU decided to enact the General Data Protection Regulation (GDPR), the biggest change to data protection law for a generation. GDPR will govern the way data is stored and protected. It’s intended to give citizens back more control of the data held about them. Despite Brexit, there is no opt in or out. The UK will still be adopting GDPR and any company that holds data of an EU citizen will be affected either way. Uniformity will make it easier to regulate.
The GDPR enforcement date is 25 May 2018, at which time non-compliant organisations will face heavy fines. Penalties could potentially be more severe than under the current applicable UK law, the Data Protection Act. Under that regime, companies faced a maximum fine of only £500K. Under GDPR, it is possible that the EU could impose a penalty of €20 million, or four percent of global revenue, whichever is higher.
You will know only too well that financial services data is renowned as a big target for cyber criminals. Of course, regulated financial services organisations are accustomed to safeguarding customer information. Those with established digital services and customer-facing mobile applications already do their best with safety certifications. They already make additional requests for consent for the use of customer data in order to comply with existing law.
Cyber criminal organisations are getting smarter and more sophisticated, and GDPR has many aspects to it. GDPR will compel firms to have a data protection officer and to reveal details of any breach within 72 hours.
How to achieve GDPR compliance?
There is no magic bullet. But you could start with "GDPR is coming: 5 Things to Be Aware Of" or this GDPR overview, or study the full GDPR guidelines. For a principles-based approach, the UK Information Commissioner’s Office (ICO) has created a useful roadmap to GDPR compliance.
If you’re looking for practical GDPR help, perhaps to create a security strategy, control access to your network, secure your data centre or protect against ransomware, Cisco has the tools to help. Security starts with speed of detection and strong DNA. Big data management begins with the intelligent use of data. Visibility is key. Cisco data centre analytics provide visibility of data at the network level. Perfect if you want the right data sent to the right target endpoints at the right time.
Clearly, with big data comes big responsibility. Any company entrusted to hold intimate customer data has a moral duty to protect it, and that’s why GDPR is a welcome and timely piece of legislation as we go further into the big data revolution.