Today's guest post comes from Paul Flannery, Oracle's Senior Director, Business Development, Systems in the Europe, Middle East, and Africa region.
Organizations are currently faced with the question of how to approach the General Data Protection Regulation (GDPR), the new legislation coming into force in May 2018 which sets out to harmonize data protection across the European Union. Rather than being seen as a compliance burden by Europe-based organizations and global entities that do business in the EU, GDPR should be seen as one of the best opportunities to deploy long-term technology investment to unlock true digital transformation.
While the regulation itself is limited to the processing of personal data, the EU’s interpretation of what that actually constitutes is broad. Essentially, any data that relates to an identifiable living human, including something as disconnected as an IP address that can identify a specific user’s device, is regarded as within the scope.
The extended scope of the legislation doesn’t end there. For example, organizations are obliged to take into account the “state of the art” in cybersecurity, yet specific technologies, controls or processes beyond that phrase remain unmentioned, leaving the organization itself to apply a high degree of risk assessment and subsequent judgement.
The timescale for addressing compliance is tight too, and any organization of sizable scale will find it difficult even to understand what data it has in the first place and to assess its sensitivity.
The cost of non-compliance is what has brought GDPR to the attention of boardrooms not just in the EU, but globally. The potential magnitude of fines is significant (4% of an organization’s global revenue, or €20 million, whichever is greater), as is the potential reputation damage that may result from non-compliance with the new mandatory breach notification requirements.
The cloud, whether it’s public or private, Software-, Infrastructure- or Platform-as-a-Service, can mean different things to different people, and the overall understanding across the majority of industries is somewhat immature, specifically with regard to compliance and security. Yet the journey to the cloud is happening regardless, and without proper security in place, that inevitable shift will arrive in the form of shadow IT, bringing with it unnecessary risk exposure.
Generally speaking, there are substantial benefits in moving to the cloud, such as enhanced security capabilities that go beyond what would be affordable for most organizations in an on-premise environment. However, any move to the cloud needs to be carefully planned and properly architected: with the new legislation approaching, the consequences of getting it wrong are increasing significantly.
GDPR compliance is a long-term commitment, and investment in implementing a cost-effective supporting infrastructure will prove to be valuable in the years ahead. It might even represent one of the biggest opportunities to accelerate digital transformation in recent years.
It places focus on good data management, with benefits to organizations ranging from increased security and operational efficiency, to improved customer service and corporate reputation. For example, one of the key legislative requirements is to be able to provide any individual with every piece of data an organization holds on them, including all data records and any activity logs that may be stored.
On the one hand, this imposes significant technology requirements that can only be met through the simplification and standardization of complex IT environments. Yet on the other, the potential for converged data of that quality from a business or marketing perspective is substantial, and brings with it a wealth of possibilities.
Earlier this year, IDC gathered CIOs and CISOs from enterprises across EMEA to gain insight into how they are approaching GDPR in light of current cloud adoption and security requirements. Their resulting report, ‘Does Cloud Help or Hinder GDPR Compliance?’, summarizes discussions from events in France, Italy, Morocco, Spain, South Africa, Sweden and Switzerland. It not only flags the many potential benefits of compliance, but also sets out IDC’s simple but effective technology framework to help organizations focus on the particular requirements of GDPR, and select the right technology for the job.
The full report is available to download here.
Paul Flannery is the Senior Director, Business Development, Systems for the EMEA region at Oracle. With over 30 years' experience in the IT industry as a Software Developer, IT Manager and Pre-sales consultant, Paul brings a 360-degree view of the IT market, having held several Sales Leadership and General Management roles with over 25 years' experience in Global Account Leadership, Partners & Alliances and Business Development, working with Large Global Corporate customers across a broad range of industries.
Paul is well known for his strong strategic thinking approach, coupled with an execution focus to help Customers and Partners deliver Quantifiable Business Value to their Key Stakeholders.
Find Paul on LinkedIn at https://www.linkedin.com/in/paul-flannery-1849262/