Mar/Apr 19 - ChannelVision Magazine

international Agents How Companies Are Responding For the first few months following the start of GDPR, there was much speculation about whether the legisla- tion had any real teeth. Questions still abound: are compa- nies taking GDPR seriously enough? Do European authorities have enough resources to keep up with all of the complaints that are pouring in? And will we start to see more large fines? To date, fewer than 100 fines have been distributed. The largest one so far was France’s $57 million penalty against Google, imposed by the CNIL for failing to obtain proper consent from end users. This fine was the first against a major global technology company. Google chief privacy officer Keith Enright recently stated that the company intends to appeal this ruling, and it is believed that the case will wind up before Europe’s highest court. Regardless of how the case pans out, the message is clear that the EU is not messing around when it comes to enforcing GDPR compliance. More fines are expected, and business leaders are taking note. “There is always a delta between when a new regulation comes into place and when the various institutions are ramped-up to support it,” explains Anupam Sahai, vice president of prod- uct management at Cavirin. “The first few years of enforcement also help to refine how it is enforced. When we adopt the California Consumer Protec- tion Act (CCPA), we can expect the same. But think of it this way. A speed limit tends to moderate behavior, even if every violator doesn’t get pulled over. We’re seeing that GDPR has the same impact on internet privacy.” “GDPR is a step-change in the level of seriousness that companies need to apply to the protection of personal data (PD) within their organizations,” says Chris Evans, vice president of regulatory affairs and a privacy compliance officer at PCCW Global. “This is crystallized by the level of the potential fines applicable to breaches resulting in the loss of PD, not to mention the reputational harm, which inevitably results from the negative publicity associated with a data breach. Companies are discovering that the PD sitting in all sorts of places in their orga- nizations and systems -- which they were either unaware of or had consciously ignored -- are often insufficiently safe- guarded and unnecessarily retained.” According to Evans, though, there is a significant variation in the response to GDPR across the industry. “Some appear to be, from the out- side, taking very little action, but this may reflect the low sensitivity level of the PD they process – i.e. business con- tacts only. While others are taking very stringent measures in their relationships with suppliers and customers.” One significant B2B provider, for example, has determined that connec- tivity providers are actually “process- ing” (within the meaning of GDPR) the “payload data” which they connect to the connectivity services provided to them, explains Evans. Most Significant Challenges in Getting Ready for GDPR Meeting data security requirements 42% Internal training 39% Staying on top of the ever-evolving developments as the regulation matures 35% Complying with Privacy by Design requirements 34% Meeting data subject access requests 34% Cataloging and inventorying our data 31% Enabling data deletion requests 30% Hiring/Identifying data protection officers for each relevant geography 29% Vendor management 28% Source: Cisco 87 March - April, 2019 | Channel Vision