Our blog

The five toughest GDPR challenges you need to overcome


20 July 2017

Jose Francisco Pereiro Seco

Blogs by author: Jose Francisco Pereiro Seco, Head of Data Security Europe, BT.


Digital transformation means using tech to get ahead. But that same tech can also be the biggest barrier to General Data Protection Regulation (GDPR) compliance. Here’s why.

The pros and cons of digital transformation

Giving your people the tools they want and need to get the job done improves your productivity and helps you stay competitive. But there’s a catch. New tech also means new security threats you might not be aware of. And what’s more — holes in your security could stop you from achieving compliance with GDPR (a set of cyber-security regulations that every business will soon need to adhere to).

In an ideal world you’d make the most of all the technology available to you, while staying completely secure. And that’s something we’ll help you achieve, right here in this blog post.

Five security challenges, and how to overcome them

We’ll take a look at five technologies and practices that are currently making waves in every industry — focusing on why you’ll want to use them, why they pose a security challenge and how to overcome that challenge.

1. Cloud computing

Most companies already use the cloud, whether for internal purposes or to meet customer demand. But many also share the same concerns about security in the cloud. And this stems from a lack of control over underlying IT infrastructure used in cloud services.
To overcome these security concerns, choosing the right cloud provider and agreeing the contractual terms to manage security is fundamental. On top of that, controls such as information rights management (IRM), cloud access security brokers (CASB) and cloud data-loss prevention (CDLP) can offer the same (or better) security than on-premises solutions.

2. Big Data

Big Data gives you the power to model and anticipate customer and market behaviours, giving you greater insight and helping your decision-making process. However, the sheer scale of data you’ll have to deal with, means the impact of any security breach would be significant.
To minimise the risk, and comply with GDPR, you need to draw on a wide range of security advice, from architectural and technical to more strategic consultancy.

3. Shadow IT

While not a technology in itself, shadow IT is intrinsically linked to digital transformation. Occurring when your people take it upon themselves to get equipped with the latest devices or programs, shadow IT can mean that people become more productive. But it also poses a big security risk. In fact, it can be a downright dangerous practice if controls aren’t in place to protect data.

To overcome the challenge posed by shadow IT, you need to implement security processes that identify and inspect hidden data flows.

4. Mobility

Your people at all levels, as well as third-party contractors, now use portable media, smartphones and mobile apps to access corporate data and applications. This means protecting the traditional company network is no longer enough — because the network now extends to any place employees can work (home, hotels, airports, etc.).

That means you have to put technologies in place to protect the user, the devices and the data, regardless of where the user works.

5. Internet of Things (IoT)

We’re in the early days of the IoT, but if your business roadmap includes the development of new services or processes around this new capability, it has to make data security a mandatory part of the agenda. This is because, with IoT, we will see highly-sensitive information, such as health data produced by wearables, family information in smart homes or geo-localisation by smart cars, shared between devices.

Protecting this data requires expert security consulting services and specific solutions, because the technical foundations of the IoT rely on infrastructure not commonly used in corporate IT.

As you can see, new technology can help you gain a competitive advantage over your rivals. But rushing to deploy it without addressing the security considerations could see you fall on the wrong side of the GDPR.

The tips we’ve given here are a great place to start. For the whole story, download our white paper. With it, you’ll discover how to comply with the GDPR and find out why greater data security creates opportunities for your organisation.