9th January 2018
GDPR and Digital Transformation
Giving your people the tools they need to get the job done improves productivity and helps you deliver better and more efficient public services. But new technology can also mean new security threats you might not be aware of, that stop you achieving GDPR compliance.
What is GDPR and why is it important?
The EU General Data Protection Regulation (or GDPR) comes into force in May 2018. It gives EU citizens (including in the UK post-Brexit) greater rights over their personal information and places greater obligations on organisations to protect this data. In the event of a compliance breach, organisations can face fines of up to 4% of their annual turnover, or €20 million — whichever is higher.
We’ll take a look at five technologies and practices that are central to digital transformation for Local Government — why they’re important, why they pose a security challenge and how to overcome that challenge.
1. Cloud computing
Many Authorities already use cloud services, but many also share concerns about security in the cloud stemming from a lack of control over their underlying IT infrastructure. Choosing the right cloud provider and contractual terms is fundamental. And controls such as information rights management (IRM), cloud access security brokers (CASB) and cloud data-loss prevention (CDLP) can offer the same or better security than on-premises solutions.
2. Big Data
Big Data gives you the power to model and anticipate public service demands. For example: giving you greater insight and helping deliver the right services, where and when they’re needed more effectively. However, the scale of data involved means the impact of any security breach would be significant. To minimise risk and comply with GDPR, you need to draw on good strategic and technical security advice.
3. Shadow IT
When your people decide to arm themselves with the latest devices or programs, it can make them more productive if properly managed. But it also poses a big security risk and can be dangerous if controls aren’t in place to protect data. So you need the right security processes to achieve this.
People now need smartphones and mobile apps to access corporate data and applications. Protecting the traditional network boundary is no longer enough as data extends to anywhere employees work such as home, coffee shops or clients’ homes. So you need security in place to protect the user, the devices and the data, regardless of where the user works.
5. Internet of Things (IoT)
If IoT or smart cities are on your agenda then data security must be built in at the start. Highly sensitive information such as health data produced by wearables, personal information in smart homes or geo-localisation from smart cars can be shared between devices. This must be protected, particularly as IoT devices and infrastructure are not those commonly used in corporate IT.
The tips we’ve given here are a start. Register for our webinar on 8 February to find out more about how
better data security can be an enabler of digital transformation and how BT can help you.