Data breaches have become an increasingly common phenomenon in recent years. From multinationals to smaller ‘Mom and Pop’ businesses, no company is immune to the threat of a breach. As a result, data privacy and protection has never been higher on the corporate agenda.

No longer classed merely as an IT issue, data privacy is finally beginning to receive from organisations the attention it deserves. Yet there is still much work to be done to help prevent breaches and to communicate them to stakeholders.

The shift in corporate priorities has been driven by a number of factors, including the European Union’s General Data Protection Regulation (GDPR), which came into force in May 2018. The GDPR forces companies, both in the EU and elsewhere, to revolutionise the way they handle data and manage responsibilities, particularly around breach notifications.

Scope of the GDPR

Through the GDPR, the EU set about creating the gold standard for data protection and breach notification. Though it is still too early to tell precisely how influential the regulation will be in the coming years, its reach is already being felt across Europe and elsewhere. Other jurisdictions have begun to expand and renew their own privacy regulations, echoing the GDPR’s security measures and data breach provisions; these include India, China and the state of California, for example. Brazil also has new legislation: the General Data Protection Law (GDPL), sanctioned by the outgoing Brazilian president Michel Temer in August, has breach notification requirements and cross-border reach similar to those of the GDPR.

The GDPR is fundamentally changing the relationship between companies and their data. One of the biggest shifts is in the mindset of senior executives and board members.

Jan-Mar 2019 issue

Richard Summerfield