GDPR Compliance Deadline
This year, the upcoming GDPR deadline has consumed the enterprise security and privacy agenda as companies scramble to adopt new technologies and processes in order to become compliant by May 25, 2018.
Virtually every survey gauging the readiness of privacy professionals in both the U.S. and Europe has revealed that for many companies it will be challenging to comply.
For example, failure to comply with the GDPR 72-hour breach notification rule is deemed the riskiest by respondents on both sides of the Atlantic, and more than 80% of U.S. privacy professionals and almost 70% of UK privacy professionals expect GDPR spending to be at least $100,000.
In 2018, the challenge of complying with GDPR and protecting personal customer and employee information will involve new technologies, but as businesses become increasingly data-driven to gain competitive advantage, new types of threats and risks will present themselves.
4 Areas Where Privacy and Security Will Move to the Forefront
Privacy Compliance as Collateral in M&A
As a pre-condition to mergers and acquisitions, more companies are requesting that the other side – and its third-party vendors – demonstrate compliance with privacy standards such as the GDPR.
To safeguard business assets and brands, demonstrable transparency and accountability for protecting personal information will become increasingly critical to ensure successful business deals and partnerships. In 2018, we’ll see an increase in granular requests for visibility into a corporate transactional partner’s entire information life cycle.
Biometrics, or When an Eyeball Scan Is Stolen
In 2018, we’ll see less emphasis on traditional passwords and more on ways to achieve security via two-factor authentication techniques involving biometric solutions like voice recognition, facial scans and fingerprints.
For security vendors, the stakes for storing and keeping records of biometric data are higher because, unlike a credit card number that can be canceled and reissued, a person’s facial structure can’t be replaced with a new one once a facial scan is compromised.
Automated IoT Attacks and More Clarity Around Voice Data
With more connected devices come more threat vectors and machine learning-based attacks. To mitigate those risks, we’ll see increased regulation in 2018 around internet-connected devices to better control the growing number of intelligent and automated attacks.
With companies increasingly using IoT and AI in services like customer support, we’ll also see renewed regulatory discussions on how best to develop policies around consumer voice data and ensure compliance before collecting it.
Cyber Insurance Requisites: Can Faulty Protection Be a Pre-Existing Condition?
The number of data breaches this year, and their massive commercial impact, will cause companies to increasingly adopt cyber insurance in 2018 to reduce the costs of breaches. In turn, cyber insurance companies will require that companies demonstrate a whole new level of data privacy and security to qualify for insurance plans.
The more commonplace breaches become, the higher the bar will be to obtain approved insurance, which may play itself out in the form of providing vendor assessments, incident response plans, implemented policies and employee trainings, and data processing audit trails.
Moving Data Privacy Forward
Time will tell what the new year has in store for security and privacy professionals, but one thing is for sure. As an industry, we must ensure enterprises have the processes and technologies necessary to secure perimeters and derive business value from the massive amounts of data, all while remaining compliant with regulations and industry policies.
This challenging mission is ample motivation to keep driving the industry forward.
TrustArc has purpose-built technology that encompasses proven methodology to help companies deal with these new challenges in 2018.