FINAL WORD
Organisations across
the board must
foster a culture of
transparency in terms
of how data is used.
T
he issue of data protection
and privacy was, until recently,
a conversation confined to a
specific group of people within
an organisation. Unless you were an IT
consultant or a corporate lawyer, privacy
compliance was something somebody
else took care of. So, how have we reached
the point where many organisations
are bound by law to employ a Data
Protection Officer (DPO)? Why are CEOs
now so interested in their company’s data
protection and privacy policies?
You could be easily fooled into thinking
data privacy as a field has only existed since
2018, but nothing could be further from the
truth. From an anthropological perspective,
human beings have longed for privacy for
over 3,000 years. The use of internal walls
within buildings which started to become
commonplace in 1500 AD proves this.
The concept of the ‘right to privacy’ as
we know it is indeed younger – eventually
being formalised as an international human
right in 1948. Sweden became the first
country to enact a national data protection
INTELLIGENT TECH CHANNELS
INTELLIGENT
TECH CHANNELS
Issue 28
law in 1973. Even this, the first tangible
effort to regulate data privacy, happened
in response to public concern over the
increasing use of computers to process and
store personal information.
While our understanding of the current
data privacy conversation must operate
within this context, there is no denying that
2018 was a watershed moment. The General
Data Protection Regulation (GDPR) may be
less than two years’ old, but its impact has
been significant.
As well as its very specific nature which
makes the regulation enforceable, GDPR
regulators have not been frightened to
flex their muscles. To date, it has collected
almost €429 million in fines – serving
as a constant reminder to any business
processing the data of European citizens
that there are penalties for not adhering to
data privacy requirements.
The privacy skills gap
As well as providing a clearer framework
for appropriate data handling practices,
GDPR has made data protection and privacy
more about people. Rather than talking in
terms of technical standards and software
requirements, it is based on fundamental
citizens’ rights and how people within an
organisation can uphold them.
One of the most specific lines of the
GDPR is Article 37, which states that certain
companies must appoint a Data Protection
Officer to be compliant. More specifically,
any public authority, a company whose core
activities require large-scale monitoring
of individuals or consist of large-scale
processing of criminal data.
Wherever appointing a DPO is not
required under GDPR, it is advised as
best practice for companies who need to
ensure they have the right data processes
in place. Given that the latest Veeam Cloud
Data Management report shows that
organisations across multiple industries
will spend an average of US$41 million
deploying technologies to boost business
intelligence, experienced DPOs have become
hot property.
In 2018, when GDPR was passed, as many
as 75,000 vacancies for DPOs needed to be
65