In 2006, the Council of Europe launched Data Protection Day to be celebrated each year on 28th January. This was also the date on which the Council of Europe’s data protection convention, ‘Convention 108’, was opened to signature.
Data Protection Day – known outside of Europe as Privacy Day – is now celebrated globally, and exists to raise awareness about the rights to personal data protection and privacy. With ransomware attacks and data breaches on the rise, procedures for data protection must now be more watertight than ever before. We spoke to six technology experts who give their thoughts and advice on how businesses can best secure their data in light of the day.
Dodge the disruption of downtime
“The headline scare stories of data leaks, outages and ransomware attacks over the past year should be enough to have persuaded all businesses to prioritise data protection,” comments Steve Blow, Systems Engineering Manager UK at Zerto. “Plus, the modern consumer demands no excuse for downtime, or the loss of data. As such, businesses need to ensure they are resilient against the many threats facing data today, to prove to their customers they are taking data protection seriously.
“The challenge is that, as growing complexities run parallel with the latest technological advancements, the number of both planned and unplanned disruptions for businesses is rising. Companies need to start looking outside of traditional backup capabilities to keep the business online and combat these challenges, and to do so they will need to utilise a modern, resilient approach that can take advantage of continuous data protection.
“Pair this with the ability to orchestrate and automate the mobility of applications to the ideal infrastructure, businesses will be able to have more than just their customers’ data protected. Organisations will become completely IT resilient, protecting data, infrastructure and reputation – without the risk of downtime.”
The aftermath of the latest regulations
Eltjo Hofstee, Managing Director at Leaseweb UK, explains how the implementation of GDPR has propelled data protection into an issue that has gone mainstream over the last few years:
“For businesses in the UK, Brexit has added some uncertainty around data protection in terms of legal compliance and disaster recovery processes. Based on the current conversations between the EU and UK, nothing will change with regard to data protection laws after Brexit, however, it may be good business practice for organisations that have not reviewed their position before now to evaluate their data, assessing potential risks associated with current storage processes and locations, as well as DR practices and hosting options.
“Any uncertainty relating to hosting sites can be minimised by setting up a cloud hosting platform in a hybrid way, where data can be stored, protected and managed using at least two different locations and jurisdictions (i.e. EU + UK). Having said this, it might be a bit too early to already make these kind of changes, and while we don’t believe the UK will move away from GDPR, it’s certainly top of mind for many of our customers. And, while the uncertainty remains, being prepared for any eventuality is probably the most sensible approach.”
Matt Aldridge, Co-Founder and CEO at Mango Solutions, also explains:
“As well as advising our clients on how to best make data-driven decisions, we also provide recommendations regarding best practice for securing their personal data when their processes may not be fit for purpose. So, by creating and supporting ‘fit for purpose’ processes, our clients can operate effectively and consistently without needing to panic about whether they are GDPR compliant – one of the biggest obstacles companies have been facing in the past couple of years when it comes to ensuring data protection. This means that none of our clients have encountered GDPR incidents and other data protection regulations at all, and also any data required for ‘know your customer’ projects is anonymised on principle in order to ensure regulatory compliance.’’
Alan Conboy, Office of the CTO at Scale Computing, describes how new regulations have affected data protection on the other side of the pond, too:
“Data Privacy Day serves as a reminder to the technology industry that protecting your data is of utmost importance. This has been increasingly true with the recent implementation of the California Consumer Privacy Act (CCPA), which is shining a light on the rising regulation of data protection and privacy. With more organisations moving their workloads to edge computing and hyperconverged environments, businesses are looking to protect and recover these workloads, in addition to complying with data privacy regulations like CCPA. With this in mind, it is essential that these platforms include a variety of backup and disaster recovery features such as snapshots, replication, ransomware protection, failover and failback, so that organisations can help safeguard their digital assets today and in the future.”
From individual to enterprise
Nigel Tozer, Solutions Marketing Director EMEA at Commvault, explains how individuals must be held responsible for their own data’s protection:
“Privacy may have been given the status of a ‘human right’ in the EU, but many organisations still struggle with the Data Protection laws that protect it. In some cases you can put it down to ignorance, for many it’s due to the complexity of modern data processing and sadly, still too much wilful avoidance for commercial gain.
“As individuals, this means we have to be aware of our own rights with regard to privacy and data protection, and take steps to protect our data from misuse or abuse. Simply reading privacy policies (I know!) is a good start – what you find might surprise you enough that you think twice about ticking those consent boxes.
“For business, ignorance and complexity are not excuses. While data at scale, built up over the years, is too much for any kind of manual compliance effort. That said, getting visibility of all of your data – on-premises, in the cloud and on laptops – and automating the actions needed clean up your act isn’t anything like as difficult as you think. So this coming Jan 28th, Data Protection Day, make a note in your diary to investigate doing just that. You never know, it might save you money as well giving your data governance program the shot in the arm that it needs”
Steve Nice, Chief Technologist at Node4, further explains how one of the most important ways you can protect data is to educate staff:
“The challenges of data protection don’t have a single-bullet solution. However, every organisation has the ability to raise their game in a number of key areas, and succeeding in this is less about cost and more about making an active, long-term commitment.
“The first step is to treat your staff as your human firewall, educate them in the threats they may be exposed to and ensure they are active and aware of those threats – after all, they are your intelligent line of defence. On top of this, completing regular vulnerability scanning and penetration testing will provide crucial intelligence that your security is up to the job of handling the threats.
“Test again and again, because the threat landscape is an ever-moving beast. Finally, should a disaster occur, Disaster Recovery and backups are vital as a solution to threats like ransomware, but as these systems also become the targets of cybercriminals they need to be protected – not just seen as a siloed last line of defence.”
As the digital landscape becomes ever more intricate and susceptible to leaks and hacks, it will be within all businesses’, and individuals’, best interests to take further necessary steps to protect their data.