Is GDPR going to safeguard individual privacy and provide data security?

Threats to data security and data integrity have increased significantly in the past few years. In today’s world, it is critical that business entities protect individual’s information and respect confidentiality. But where are we when it comes to privacy and confidentiality?

---

“Nothing may be secret or confidential, like it or not like it. GDPR is being talked about but in reality, but does privacy exist in digital?” probed Dr. Jitendra K. Das, Director, FORE School of Management, New Delhi, as he raised a global issue of data-security threat looming large, citing recent instances like the breach of data security and violation of policies by Facebook & Cambridge Analytica.

Dr. Das was moderating a session on ‘Big Data - Security & Privacy Issues and Challenges’ where subject matter experts - Mr. Ravi Sogi, Head - Product Security and Privacy, Philips; Mr. Sridhar Sidhu, Head of Enterprise Information Security Services & Regulatory Compliance Risk Services Groups, Wells Fargo; Mr. Shailendra Singh, Chief Information Security Officer, Capillary Technologies, were the other panelists.

According to Mr. Shailendra Singh, the explosion of data collection has happened because of the connectivity which we have now and the ‘hyperdata’ generated by machines. “Organizations used to collect data from wherever they can, whatever they can, however they can. Change is happening, situations are improving, confidentiality has not been addressed yet but ‘confidentiality’ has started becoming the primary objective of the collaborators”, he said.

Sharing similar positive sentiments, Mr. Ravi Sogi, spoke ‘General Data Protection Regulation’ (GDPR) which is a legal framework that sets guidelines for the collection and processing of personal information of individuals and compliance. According to him while we individuals are constantly leaving a digital trail, GDPR is here to regulate the privacy and security. “Immense power is to be given to individual through privacy control tags to safeguard one’s privacy”, he said.

Mr. Sridhar Sidhu had a realistic take on the matter. He said GDPR is getting cognizance but security vulnerability remains. It is a matter of time and may take the next few years to actually be effective. The entire thing of taking consent of the individual for using his data and personal information has to be better grafted where the individual has a better understanding of what he is giving consent to.

Dr. Das, who has been with IT MNCs prior to his tenure with various IIMs and FORE School, has also been associated with several regulatory & advisory committees, cited the recent Punjab National Bank scam, and said that the ‘weakest link is probably the Human Being’.

Integrity at both organizational and individual level with robust check & balances in the process, and stringent regulatory reforms can only ensure individuals’ data security. With the increased usage of cloud storage, data is vulnerable to several types of attacks. To ensure the security of data on these storage platforms, it is necessary that the cloud provider should comply with the regulatory requirements and security policies. “While laws are being enacted for Big Data usage, we are still struggling with compliance frameworks on data-security and policies on how people can be protected in future. Ethical conduct of the custodian of the data is always a question”, said Dr. Das.

“Compliance and regulations are changing the methods from compliance-based to a more of a proactive method independent of cost factors. The focus is also being made now on how quickly one can dispose of the data which is not required”, added, Shailendra Singh.

The Global Summit on Data Protection, Privacy & Security “Reforms, Challenges & Opportunities”, was organized by ASSOCHAM, at Hotel Taj, Bengaluru.

---