Kindly attribute the responses to Mr. Prashant John, Co-Founder and CMO at Kwench Global Technologies and Bhabani Panda, CISO, Kwench Global Technologies
The EU-GDPR represents a paradigm shift in the way data can be collected and treated by organizations. The Economist, in May of 2017, proclaimed on its cover that data is the world’s most valuable resource. GDPR plans to ensure that the ones generating that valuable resource also are in control of it and not the technology and service companies that seem to infiltrate into every aspect of one’s life. Data is power and concentration of that power in the hands of a few organizations is not in the larger interest of the world. Inverting that power distribution is the way to ensure that everyone wins in the brave new digital world.
The regulations thus give much more power to the consumer to control how her data is used by companies. At this point in time, it only applies directly to those companies that are established in the EU or offer goods and services to citizens in the EU. But then since the world is flat, like it or not, it also applies indirectly to pretty much all companies in India that aim to operate outside our borders.
So does the GDPR pose a threat to Indian companies or is it a boon?
As with everything else the answer is “it depends.” If you are a company that is lax in data security and thinks spamming people using data from bulk databases is the way to grow business, then GDPR can be a huge existential threat with fines up to 4% of annual global revenue or 20 million Euros. On the other hand, if you are an organization looking to move up the Data Maturity Model and be a trustworthy brand that consumers trust, then GDPR compliance can be an opportunity to stand apart from the crowd.
For Indian businesses the biggest challenges will be in getting the organization mindset to shift from the current Consent Model to a Rights Model. In the discussion document “Beyond Consent: A New Paradigm for Data Protection” Rahul Matthan outlines the fundamental difference thus - In the Consent Model, once the consumer’s consent to collect data is obtained, the controller is free to use the data for the specified purpose and is not liable for the consequences – thereby putting the onus on the consumer to know what she is providing her consent to. The Rights model flips this around and gives the consumer total control over her data. The collector must then ensure that the way they collect and use the data does not violate this fundamental right.
Organizations steeped in decades of operating under the consent model, sometimes with lax oversight and privacy controls, are going to find the task of percolating the mindset change down to the last customer-facing employee a tough challenge.
Sanjay Gupta, Managing Director, South Asia, Middle East, NICE
Due to the rapid change in technology, the General Data Protection Regulation (GDPR) places the burden of “continuous risk assessment” on the collecting organizations – data controllers and requires that any outside organization processing data – data processor – be GDPR compliant. A recent survey of IT professionals (ESG research) has revealed that only 11% of organizations are completely prepared for the GDPR, a third of organizations say they are mostly prepared, and 44% are en route to implementing the processes they would like to have in place to meet GDPR requirements.
For many organizations, the initial transition to GDPR compliance is likely to be a lengthy and challenging process. To combat the challenges, we advocate a collaborative technology vision with a dedicated GDPR solution to simplify processes relating to the rights for the data subject. We try our best to offer seamless security solutions combined with high awareness and actionable threat awareness to the most demanding enterprise environments and have earned the most independent certification for security effectiveness and performance in the industry. These solutions close gaps left by legacy point products and provide the broad, powerful, and automated end-to-end protection requirement across physical, virtual and cloud environments.
As the digital revolution marches on, it brings about numerous technological advances that are the thrill of the fourth Industrial revolution. However, there is one dimension called compliance and regulation that needs to be addressed and requires re-evaluation based on the continued reassessment of the risks. A broad, powerful, and automated approach to security is required to achieve this.