Confucius once said ‘Life is really simple, but we insist on making it complicated.’ One can only imagine Confucius’ reaction to a roundtable with a DPO, CISO and CIO in 2018. ‘You connected what, why?’ ‘You understand this behaviour, how?’ ‘Robots are storing information, why, how and where?’
Staring bleary-eyed back at Confucius the tech leaders might retort, ‘We aren’t making it complicated, we are the ones managing complexity.’
Herein lies the reality for the technology leader in 2018; the advance of technology lies outside of our control, and like the frog in the boiling pot, the heat to protect critical data is starting to bubble, with little support for upgrading the more resistant capabilities of those who find themselves in the pot.
In a search for that extra protection, DPOs in particular are turning to technology, and here’s how.
The Era of the Technology Enabled DPO has Begun
The 2018 EY-International Association of Privacy (IAPP) study showed that 56% of businesses believe they are not entirely GDPR compliant with 20% of businesses believing full compliance is impossible.
To understand how DPOs are turning to technology to close the compliance gap, let’s look at how spending on data privacy/GDPR compliance has changed over the past few years.
The EY-IAPP report has a few telling statistics in this regard:
- Amongst companies preparing for GDPR 57% are investing in technology in 2018, up from 27% in 2016.
- 68% of programme leaders now say data inventory and mapping is a priority, up from 48% in 2016.
- IT and Information Security are now responsible for housing 30% of GDPR/information governance programmes up from 14% in 2016.
- Right to Be Forgotten and Subject Access Requests were voted the two most difficult GDPR obligations to fulfil. Both currently rely on manual data discovery processes across multiple applications and platforms.
The observed compliance gap, alongside the shift away from human-resource spending to technology spending, suggests that the problem of data discovery, compliance and security is one whose solution supersedes the capabilities of even the best-intentioned human resources.
At the same time the number of DPOs are on the rise, with DPO vacancies up a staggering 700% from 2 years ago.
We can learn two things from this:
- Data Protection Officers are turning to technology to help discover and protect data
- Despite the increase in technology uptake, the human role of directing technology is more important and involved than ever.
And so the era of the technology enabled DPO has begun. Fortunately, technology for DPOs seeks for the most part to automate manual process, making the marriage between humans and tech in data protection truly Cyborgian in nature.
This marriage should seem intuitive as the first role of any newly appointed DPO is to answer, ‘What data do I have? Where is it? Who has access to it? How is it secured?’. It’s unrealistic for Data Protection Officers to be literally hands-on with data in 2018 hence smart data discovery and control tools coming to the fore.
So what technology solutions can help?
Data discovery and compliance technologies like Exonar in the UK have emerged in the past 18 months with plug in and play solutions for automated enterprise data discovery where previously none existed. The solutions discover data automatically to create accurate, real-time, classified inventories of information that allow DPOs to see a full breakdown of data and its sensitivity across an organisation, enabling DPOs to govern and protect data effectively.
Through the marriage of DPOs and data discovery technologies, data protection programmes can instantly become much more achievable, accurate, and less work for those involved. The era of the technology enabled DPO has begun.
Data and Privacy Director, Exonar