Data Privacy is a concern for all business owners – or at least it should be. With the majority of business now being carried out online by a remote workforce, keeping data safe has never been more challenging, with staff using their own devices, unsecure internet connections, and the potential for non-company individuals to access devices and therefore data.
Since 2018 data privacy and security has had an increased visibility since the introduction of new GDPR laws which had all businesses panicking about their processes. Since then, the panic has gone but there is a deeper understanding of the importance of keeping all client data safe from hackers, data breaches and general misuse.
So how is this changing in 2021? Although the same concerns are there, there are a number of key data security trends that are expected to arise.
· Public awareness – At present there is more public awareness about data privacy in general. The public are more aware of why companies have their data and how they process it, as well as what they can expect from a company which processes their data as well as how they can respond should there be a breach. An enlightened public are more likely to trust businesses who have data security as a priority.
· Consumer control – Alongside the growth in public awareness is the growth in consumers having control over who has their data. This is likely to increase, with businesses having to be more transparent about what data they require and why. Ensuring the safety of consumer data is essential to maintaining their business in the future.
· Brexit – Of course with Brexit and the new rules surrounding sharing data between EU and non-EU countries (like the UK) it is important for businesses to know what legislation they should be following and therefore what protocols need to be put in place to ensure the data being shared is safe.
In December 2020 Google was fined £91m for their use of automatic advertising cookies in France and Amazon were also given a €35m fine for the same thing. Both companies were using tracking cookies without user consent which violated the French Data Protection Act.
Chrome plans to turn off third-party cookies by the end of the year which will end up having a knock-on effect on the advertising industry. There is likely to be a revaluation on how both the user giving up their data, and the advertising businesses can benefit mutually.
· A stringent policies and processes – Companies are having to carefully reassess their own IT policies and processes to ensure they encapsulate all the new ways of working they have introduced in the past year which will include BYOD policies as well as working from home policies, device access and onboarding and offboarding staff procedures.
This will also include a more robust training programme to ensure staff are well aware of the cyber threats that are out there and how they can be instrumental in ensuring the safety of the data they process.
· Renewed risk assessments – With the remote workforce using shared internet connections security vulnerabilities will be coming from new places such as the IoT (internet of things) which are now prime targets for cyber criminals. Therefore, businesses are having to reassess whether company data will be at risk due to sharing a connection with an insecure smart fridge.
· Minimum data collection – Gone are the days where data can be kept “just in case”. With stricter policing of GDPR on the horizon as well as an increase in ransomware attacks and general cyber attacks businesses will start analysing the data they collect and start reducing this to the data they absolutely must have in order to run the business.
· Company Due Diligence – Businesses not only have to ensure their own security is compliant, but also that of any third parties that they may share the data with as part of their data process. Companies will take data security seriously when they realise they are responsible for the data even once it has gone to a third party. This due diligence also extends to the use of the cloud where there is a shared responsibility for data security.