At Fujitsu, we believe that GDPR is an opportunity to make your organization stronger and more competitive. It’s a powerful message. It’s one that I think needs to be stated simply, and often.
Of course, you can’t have privacy without security, but it’s not just about security. For me, it’s all about understanding the legitimacy of your data. Simply encrypting the data isn’t the point, especially if you don’t have a lawful basis for collecting or processing it. That’s why you need to start at the data governance level: Define what you have, why you have it, and understand what it’s for.
That enables you to begin defining the policies required for collection, use, disclosure, retention and destruction, so that you are sure that privacy is reflected throughout the information lifecycle. For example, sophisticated identity and access management ensures that only the right people can access the data in line with their role. That means it’s managed better and more securely. Your people get access to the specific data they need to do their jobs, but not to the data which they don’t need. It protects them and the data, and builds trust and transparency.
If you’re only holding the data you’re supposed to have, then you’re not storing or processing data you don’t need. Obsolete data can be archived or removed. That reduces overheads, makes your people more productive and efficient, and ensures that personal data is kept safe. Privacy enhancing technologies, like digital rights management and data loss prevention, can also help control the way in which data is shared, transmitted or downloaded, and so reduces the potential for nondisclosure or breach.
It’s all about people, processes and technologies: they have to be carefully aligned so that everything fits together properly (find out why in our key issues paper). That’s what we can help you achieve. At Fujitsu, we’re working with customers to find new ways to make the most of data as well as protect it and achieve compliance with regulations like GDPR. For instance, we’re introducing advancements in cyber threat intelligence and automation to help protect data.
We’re also using analytics to learn about how users manage, share, and use data
People are the first line of defence. Most breaches are the result of accidental or deliberate human error, which can often happen as a result of lack of understanding or enforcement of policies. Automation can help detect and respond to changes and adapt policies to protect people and to enable them to be compliant. Our objective is to make people the strongest link, not the weakest
Automation makes you better able to react quicker and respond to a breach should it happen. You can do it proactively, report it in a timely and compliant way, and ensure that you take control of events, rather than the other way around.
The end state you need to achieve is a proactive level of data governance, that delivers smart data protection services. You need to be precise about your data, prevent and preempt problems, and be constantly proactive to meet business demand and evolving threats. If something doesn’t look right, it probably isn’t, so have the processes, people and technologies in place to do something about it quickly.
That’s a great starting position for making the most of the data you hold so you can gain insights, be agile, and get closer to customers, which in the end is the point of the data. It makes you stronger. When you’re strong you can be confident. And when you’re confident you can focus on being competitive.
For more information visit our The GDPR Advantage website.