2018 was the year of GDPR, with the European Union’s General Data Protection Regulation coming into effect on 25 May 2018, leaving several implications for businesses inside the EU. GDPR’s far-reaching effects are yet to be analyzed. However, privacy watchdogs all over Europe comment that they are witnessing an increase in data breach reports as well as privacy complaints. As the EU completes seven months of GDPR, mixed reactions turn up towards the regulation from businesses across the region. If the lapsing year was security-centric, market forecasts indicate that 2019 will pursue the trend, making businesses embrace stronger cybersecurity measures to adhere to data compliance and privacy related norms.
With GDPR’s first anniversary only a few months away, how this regulation is likely to transform the cybersecurity landscape in 2019?
Rise of Compliance-as-a-Service
G2 Crowd P2P Business Solutions Review predicts that GDPR compliance-as-a-service market will increase 75% during 2018 to 2019. Since GDPR came into effect, the number of data breach reports filed rose to 3,500 in Ireland, 4,600 in Germany, and 6,000 in France. According to Brian Honan, one of Ireland’s foremost experts in cybersecurity, “The increase in data breach reports does not mean there has been a surge in data breaches. What we are seeing is an increase in the reporting of the breaches that are happening. Since May 25, 2018 we are having better visibility on data breaches and privacy issues.”
Businesses need to rapidly adopt GDPR and other international regulations in order to meet their customer expectations with respect to the secure storage, sharing and management of personal information. This has accelerated the growth of compliance-as-a-service market.
How businesses are expected to respond to compliance in the post-GDPR year?
- Vendors in data security, privacy, and security risk analysis markets find the opportunity brimming, as they can introduce new tools to help businesses deal with compliance, more efficiently.
- For smaller businesses, it’s a golden opportunity to automate compliance tasks and optimize their workflows, which could save unnecessary overheads.
- Large scale businesses that struggle to adapt and conform with complicated compliance software solutions will opt for managed services.
- By adopting managed services for compliance fulfilment, businesses can save the time, effort and cost spent on training employees to master such software and processes.
Impact on Big Data Ethics
GDPR’s new regulations are likely to reign in big data usage. It will make the big data experts more accountable for the data collected and processed.
In order to meet compliance and data privacy related goals, businesses will avidly engage in data governance and data mapping to become more aware of data usage, data storage and other essential components. Besides allowing people to request companies to discard their data, GDPR also requires companies to anonymize their customers’ data, unless identifying information is crucial to its worthiness.
- Big data professionals who work with crucial customer data need to remove the identifying details before processing the information. This leads to stronger conclusions and predictions, as masking of data minimizes personal bias in decision-making.
- Companies must impart training to their employees on how to handle big data in order to avoid ethical violations and significant fines
- Businesses need to realize that a person who grants initial permissions for data usage is not giving an all-inclusive consent to use their data. Every time a business needs to use data differently, it has to obtain explicit permission from the customer beforehand.
These are a few examples of how GDPR will have both broad and specific effects on data ethics in 2019 and beyond.
Other Privacy Laws Will Take Shape
GDPR has set a new global standard for data security and privacy, which has influenced several other countries to start their movement towards implementing similar rules. Australia, Brazil and Argentina are a few among them. For advanced economies, updating their existing domestic legislation will be a cakewalk, as GDPR has already created a base for them to follow. Emerging economies have a more daunting task ahead, as they have to devise comprehensive regulatory frameworks that are on par with EU’s GDPR, simultaneously taking into sense their own economic and cultural trail.
Most noticeable of all is California’s Consumer Privacy Act (CPA), due to come into force in 2020. The CPA has in fact, triggered the need for a federal privacy law in the United States, championed by many tech giants such as IBM, Apple, and Microsoft who have publicly expressed their support for ‘comprehensive privacy legislation’. These organizations back the lobbying groups like the ITI and Internet Association in order to influence the direction of privacy laws and data regulations across the world.
Apart from the above mentioned trends, the post-GDPR year will witness widespread acceptance of biometric-infused security measures, evolution of new methods to address IoT-related security incidents etc. GDPR has created a global shift in consumer awareness around data issues including how personal data is captured and handled.
In 2019, we can expect legal regulators of GDPR to become more insightful in their interpretations of the law. The regulation is forcing us to have a reset around facts such as who owns the data, how it is being used, and where the balance of power rests (from a data perspective). Data privacy rules like GDPR pave way for a more open and transparent use of data between vendors, publishers, agencies and ultimately users.