SPHERE’s Global Head of Security Strategy, James Wilde, was recently featured in an Enterprise Security Tech article titled “GDPR Fourth Anniversary - Experts Share How Far We’ve Come and What We’re Still Missing.” The article gathered insights from various cybersecurity and privacy experts to reflect on the impact of the General Data Protection Regulation (GDPR) since its inception four years ago.
Reflections on GDPR's Impact
James Wilde, Global Head of Security Strategy at SPHERE:
Wilde noted the significant GDPR fines in 2021, such as those imposed on Amazon Europe and WhatsApp Ireland, which demonstrate the regulation's impact. He also pointed out the rapid increase in similar data privacy initiatives worldwide, such as PIPL in China, CCPA in California, and POPI in South Africa. These initiatives, while similar in nature, present challenges for organizations operating across multiple jurisdictions.
Mike Parkin, Senior Engineer at Vulcan Cyber: Parkin discussed the enhanced privacy and control over personal data that GDPR introduced. He acknowledged the significant effort required by organizations to comply with the regulation but noted the benefits in security and customer confidence. He also raised questions about the potential global reach of the GDPR model and its influence on data privacy standards in other countries.
David Friend, Co-founder and CEO of Wasabi Technologies: Friend stressed the importance of data replication across multiple data centers and securing encryption keys. He pointed out that geopolitical factors and sophisticated cybercriminal activities pose new challenges to GDPR and data privacy. Effective data replication and encryption practices are more critical than ever to ensure continuous data access and protection.
Stephen Cavey, Co-founder and Chief Evangelist at Ground Labs: Cavey described GDPR as the most significant privacy legislation globally, raising the bar for data collection and handling practices. He noted the discrepancy in the impact on large and small businesses, with smaller organizations facing greater challenges due to limited resources. Cavey emphasized that data protection is an ongoing journey, requiring continuous adaptation to evolving regulations.
Robert Former, CISO and VP of Security at Acquia: Former explained how GDPR has changed the approach to privacy in technology, making security a priority for companies. He highlighted the importance of understanding the necessary controls for data and integrating security into C-suite discussions. As the regulatory environment becomes more stringent, companies must prioritize security to avoid significant penalties.
Kostas Pardalis, Group Product Manager at Starburst: Pardalis discussed the evolving nature of data privacy and the impact of GDPR on companies and users. He pointed out that cookie consent forms, introduced by GDPR, often hinder user experiences. Pardalis suggested that multi-cloud deployments and federation are essential for meeting data sovereignty demands. He anticipates an acceleration in enforcing data sovereignty due to geopolitical and social factors.
Moritz Plassnig, Chief Growth Officer at Immuta: Plassnig highlighted the EU's leadership in data privacy regulations with GDPR and its influence on other regions, such as California with CCPA. He emphasized the challenges faced by startups and small businesses in navigating regulatory requirements. Plassnig called for a balance between data privacy and innovation to ensure effective data privacy laws without stifling competition.
For more insights from these experts, read the full article on Enterprise Security Tech: GDPR Fourth Anniversary - Experts Share How Far We've Come and What We're Still Missing.