Corporate Compliance Insights

GDPR Turns 1: Where We’ve Been and Where We’re Going

3 Compliance Lessons Learned from GDPR’s First Year in Effect

by Mike Fitzgerald
August 1, 2019
in Data Privacy, Featured

In 2018, with the General Data Protection Regulation going into effect, data security finally secured a spot in the boardroom. SoftwareONE’s Mike Fitzgerald discusses takeaways for compliance practitioners in the year that’s passed since.

After years of IT professionals arguing its importance, data security firmly secured a place at the boardroom table across most industries in 2018, further illustrating that it is (and will continue to be) a top concern for organizations at all levels. A year later, it continues to draw attention.

Data security is not just good business practice; it is crucial for companies to survive. Fines associated with data breaches and the General Data Protection Regulation (GDPR) can equal as much as four percent of annual revenue – a price high enough to make noncompliance cost-prohibitive. Many countries (and the technology community) are instituting additional data protection policies on a local and global level to safeguard against data loss.

To move forward with better data privacy, it’s important to know where we’ve been and learn from others’ mistakes. Here are the top three lessons GDPR has taught organizations about data privacy and security:

1. Cybersecurity is a C-Level Issue

No longer is cybersecurity a siloed initiative that IT departments are tasked with maintaining. It has worked its way up the corporate ladder quickly and reached the boardroom. With a whopping $63 million in fines imposed since the GDPR privacy law went into full effect, it’s no wonder it has received the C-suite’s attention. New fines, like the recent British Airways situation, are making headlines every day. This only increases the need for attention from the C-suite, as it hurts a company’s bottom line.

Upon closer examination, a recent study found that 87 percent of board members and C-suite executives lack confidence in their organization’s degree of preparedness against cybersecurity threats. When an issue arises that directly impacts a company’s bottom line, regardless of its origin (IT/data security, supply chain, product development, etc.), it’s imperative that it is elevated to the C-suite to be addressed. Since implementation, GDPR has required the C-suite to make cybersecurity a boardroom issue to better protect themselves, raise their confidence levels in preparedness against cybersecurity threats and save themselves money.

This raises the question: What does the future look like with GDPR? The best approach is a comprehensive IT strategy that incorporates all levels and maintains a strong cybersecurity defense. This strategy requires everyone’s involvement and is no longer just for IT, making it imperative for the effort to begin at the top. Cybersecurity and data security need to be part of the IT and data strategy foundation to ensure effectiveness. This reinforces its value to the organization and better protects the company’s assets.

2. A Growing Sense of Accountability

According to the Verizon data breach report, external sources account for 69 percent of all attacks, with insiders accounting for approximately one-third of all cyber incidents. In 2 percent of the cases reported, business partners were involved, and in 5 percent of the security incidents reported, multiple parties (both external and internal) were involved. Situations like this demonstrate that it’s critical that everyone in the organization is accountable and should know who is handling their data.

The current state of the cybersecurity skills shortage is requiring everyone to step up, especially if there is high turnover. High turnover can create holes in protection. This, combined with the anticipated 3.5 million unfilled roles by 2021, means it’s more critical now than ever that everyone works together for protection.

3. Increase Network Visibility

To effectively protect against data breaches, IT decision-makers need to understand and control how data flows throughout the organization. Data flow mapping tools, which simplify how organizations map data flows, can help identify and resolve data protection issues quickly and cost-effectively – ultimately reducing the risk of a breach.

The recognition of security as a C-level issue causes an increase in accountability throughout the organization, which then increases network visibility. The timing for this couldn’t be more perfect, as an increased rate of migration to the cloud and the introduction of 5G means companies are generating and capturing more data than ever. Reconciling this data and knowing who is handling it and where it is being stored is imperative to ensure privacy standards. The need for real-time visibility and updates will increase an organization’s ability to know immediately when a data breach happens – ultimately allowing more time to react, protect victims and save money.

Since GDPR went into effect in 2018, a lot has changed in regard to data privacy. Cybersecurity being recognized as a C-level issue, the need for more accountability and an increase in network visibility are only three of the many lessons learned over the past year. These lessons are interconnected, and the acceptance and application of them lead to success, ultimately impacting an organization’s overall security.

Once cybersecurity becomes a C-level issue, it will increase accountability through a comprehensive cybersecurity strategy, ultimately allowing increased network visibility for all parties to do their jobs efficiently. While GDPR has been operational for a year, we still have a long way to go to ensure data privacy. Embracing these three lessons is the first step.


Tags: Data Breach, GDPR
Mike Fitzgerald is the Chief Innovation Officer at SoftwareONE, currently based out of North America. Mike joined SoftwareONE in 2016 as the company’s Global Solutions Leader and was responsible for the SoftwareONE solutions practice worldwide. Mike has extensive experience in building and growing businesses and business units in Managed Services, Cloud, End-User Computing and Application Development. He previously founded and served as Chief Technology Officer (CTO) of the award-winning startup Innov8. He has also held roles as CTO and head of pre-sales across the emerging technology industry. Mike is a tech-focused thought leader, investor and contributor, bringing innovation to the technology community through his advisory and consultancy expertise.
