We live in a world of wide-ranging surveillance. Historically, surveillance was expensive and difficult to comprehend. Today, technology has advanced surveillance by leaps and bounds, and its tentacles reach every aspect of the virtual world, where everything is collected, saved, analysed or searched over the internet. While technology has streamlined processes, made an individual’s life and work less complex, and given rise to new business models, it has also increased vulnerability to data theft.
Recent cases of fraud, cybercrime and ransomware attacks across the globe have led to huge losses, both reputational and financial. As per the Association of Certified Fraud Examiners 2018 Report to the Nations, globally there have been 2,690 cases of occupational fraud, leading to a loss of more than $7 billion. Another notable finding in the report was that data monitoring and surprise audits were correlated with the largest reduction in fraud loss and duration. EY’s Forensic Data Analytics survey 2018 also highlighted data privacy as one of the most vexing risk areas for corporates, with 70% of Indian respondents acknowledging data protection and privacy as increasing areas of concern.
Mission information protection
A recently reported high-profile case in the media, and the subsequent government and public scrutiny around it, has once again brought to light the importance of enacting and enforcing data protection and privacy laws. India has also been taking strides to protect data in this digital day and age. The Supreme Court of India declaring the “Right to Privacy” a fundamental right is being considered a landmark judgement that will bring substantial changes to how data is considered, used and deliberated. Additionally, the Data (Privacy and Protection) Bill, 2017 proposes to streamline user data protection by setting up a data privacy and protection agency. Lastly, the EU’s upcoming General Data Protection Regulation (GDPR) will make businesses in India accountable and responsible for EU citizens’ Personally Identifiable Information (PII), as non-compliance or a data breach can lead to severe warnings and penalties.
Ambiguity around data privacy laws prevails
The Government has been introducing new laws and amending existing ones. Sectoral regulators such as IRDAI, SEBI, TRAI and CCI also understand the importance of data protection and have been talking about maintaining privacy at various platforms. However, awareness of cyber laws is still lacking. Most organizations and individuals are still struggling to understand even the basic provisions of data privacy laws. EY’s report titled Responding to cybercrime incidents in India also highlighted that 34% of Indian respondents said cyber laws needed more clarity.
Today, there is a dire need for organizations in India to find the best ways to obtain ‘informed consent’ from the masses and, at the same time, ensure greater awareness of reforms and legislation. Globally, this is taking place at a rapid pace, and Indian companies and businesses will need to match global standards to mitigate potential data breaches, boost awareness and reduce legalese.
GDPR – A strategic business opportunity
EU’s GDPR will be effective from May 25, 2018, impacting industries, organizations, businesses, Governments and entities, globally on how the data is managed, processed and protected. Implementing GDPR standards offers many strategic opportunities that may align with other existing business initiatives. These include –
- Improving visibility of customer privacy data:
  - Increases cyber protection effectiveness
  - Reduces risk and compliance concerns
- Adopting a global approach beyond EU:
  - Could simplify compliance efforts
  - Lowers risk of potential lawsuits
  - Strengthens privacy brand
- Improving cross-functional information flows and cross-system reporting could deliver new insights in:
  - Post-marketing surveillance
  - Supply chain efficiencies
  - Return on sales and marketing spend
- Disposing of junk data:
  - Reduces compliance data volume scope
  - Improves operational efficiencies
  - Realizes an aggressive return on investment
- New data maps could streamline:
  - Insider threat focus and detection
  - Breach response
  - e-discovery and legal hold
  - Knowledge management
- Creating PII inventories across the enterprise allows for other critical information assets to be tracked to assist with broader risk and compliance concerns
In spirit, GDPR will impact nearly every facet of an organization and presents an opportunity for most businesses to fundamentally transform and improve their internal processes and drive more effective utilization of data – all while enabling compliance.