Uncertainties as regards data privacy will not give rise to digital champions
The consultants at IDC Germany recently carried out a survey to determine the status quo of the General Data Protection Regulation (GDPR) in German organizations and companies. The results were hardly surprising. After all, there is a lot more to the issue than meets the eye, especially for medium-sized companies. There are uncertainties everywhere, and companies are often badly prepared to deal with the issue. This is all very familiar so far.
However, the experts at IDC were shocked to discover that 23 percent of those surveyed do not know where their data are stored, 27 percent cannot say exactly who has access to personal data, 34 percent are not aware of deletion deadlines and 37 percent of respondents said that documents are randomly stored on file servers under the supervision of general employees. Unfortunately, there is nothing more to add to this assessment.
One reason for this is the fact that organizations that follow this approach are badly prepared for the forthcoming legislation. They therefore also fail with regard to their fundamental digital fitness and ultimately their competitiveness. After all, there are now clear key factors for success in the platform economy that has already begun – irrespective of whether a company is data or transaction focused. Success is only possible if data are faultlessly prepared and evaluated. And this applies both from a legal and a technological point of view. To stick with a familiar picture: if data are the new gold, they must not be treated like garbage. However, the study paints a different picture here too.
Accordingly, only 51 percent of organizations use database encryption, just 39 percent pseudonymize or anonymize their data and a mere 43 percent have put in place a system for identity and access management. There is therefore a huge amount of catching up to do. After all, in the area of digitization business processes, internal procedures and the links between businesses and their customers and partners can change. Because everything is data based, each process without exception must be legally and technologically watertight.
A look at the USA shows the real dimensions of this issue. The time-honored Supreme Court must now decide whether the US government can access foreigners’ data stored abroad if these foreigners use providers from the United States. If 33 federal states do not share the opinion that cloud-based data should enjoy the same protection as a letter in a desk drawer, alarm bells should start ringing for companies that are active internationally. After all, not only personal privacy, data privacy and data security but also competitiveness are under threat. Our data trusteeship concept is therefore given further confirmation, regardless of the decision that is ultimately made by the United States’ Supreme Court.
My conclusion: data privacy and data security are “full awareness” issues – there can be no leeway and no unpredictability here. After all, the digital future of a company is at stake.
You can find more information on the topic of “General Data Protection Regulation” here.
My next post will be a “plea for new talents with data protection expertise in companies”.