ICT professionals need to be more data protection aware
Rarely will so many people have been made aware of a new law's introduction as when the General Data Protection Regulation (GDPR) came in last year. Mailboxes were overflowing with messages from companies asking for permission to retain customers' details. Registers and databases were modified. And organisations faced an acute shortage of specialists capable of ensuring compliance with the new law. At SIDN too, steps were taken to reinforce the privacy of the people we deal with.
GDPR in practice
One year on, it's interesting to see how the GDPR is working in practice. In recent days, numerous blogs have appeared marking the first anniversary of the law's introduction. And many are saying that, with active enforcement not yet up and running, people are paying increasingly little attention to the new rules. However, now isn't the time for an organisation to take its eye off the ball, because the authorities insist that they are checking compliance, and that the first penalties will soon be handed out.
Increased personal data awareness
As part of the survey of Trends in Online Security & e-Identity we carried out this spring, we asked people about the GDPR. From the responses, it was clear that the GDPR's arrival hadn't gone unnoticed: 88 per cent of businesses said that the GDPR had influenced personal data awareness within their organisations. And 68 per cent had taken practical steps to ensure compliance. Amongst businesses with more than 100 FTEs, the figure topped 90 per cent.
Less interest from ICT personnel
Impressive figures. But scratch beneath the surface, and not everything is rosy. The main point of concern is that awareness isn't uniform across different disciplines. ICT personnel were particularly relaxed about data protection issues. Only 2.2 per cent of them said that the GDPR was a major influence on their attitude to personal data. By contrast, 72 per cent of lawyers took that view. Those are striking stats, considering how important ICT is for an organisation's GDPR compliance. So important that the umbrella group Nederland ICT recently introduced a GDPR certification scheme for data processors in the sector.
Now, you might argue that the reason for the GDPR having little influence on ICT professionals is that they were already very data protection aware. However, various studies carried out before the law change suggest otherwise. It seems to be more of a question of focus. Technical people simply seem to pay the subject less attention than, for example, lawyers.
Security and privacy influence purchasing decisions
It's worth making the point that a responsible approach to privacy isn't just about staying the right side of the law. Privacy and the value of personal data are issues that matter to an increasingly wide section of society. Our research shows that 85 per cent of buyers think about security and privacy when making purchasing decisions. While those factors may be decisive for only 10 per cent, it's clear that commercial departments can't afford to neglect data protection.
All professions need to wake up to the importance of security and privacy. Technical and commercial professionals need to recognise that GDPR compliance requires ongoing attention. And legal personnel would do well to adopt the mantle of ambassadors for data protection within their organisations. They need to communicate the importance of good personal data practices to all departments, because all departments share responsibility for ensuring that customers' and partners' data is handled responsibly.
Read the full report Trends in Online Security & e-Identity. Want to know more about the GDPR and ICT? Read this whitepaper by Guardian360.