As the May 25 deadline for Europe’s General Data Protection Regulation (GDPR) inches closer, many treasurers are being lumped with the task of ensuring their wider company is compliant.
This burden of responsibility is added to if the treasurer is operating in an organisation facing frequent structural changes, argues Richard Scase, author and business forecaster on global megatrends.
“In a constantly reconstituted business structure, how do you protect all this data? … How can you when you are constantly having to change the software and the artificial intelligence technologies and everything else that goes with operating in a very dynamic business environment?” Scace asks.
Despite the data protection regulation being implemented in 2018, 69% of IT decision makers don’t have the backing of their board to achieve GDPR compliance, according to a recent report by Calligo, a global cloud services provider.
Fines for non-compliance can make up to 4% of a business’ annual global turnover and the new regulation will not only affect companies inside the EU, but also entities that provide goods and services in the EU in general.
Some businesses owner’s awareness of how Europe’s General Data Protection Regulation (GDPR) will impact their business is “bordering on negligent”, said Adam Ryan, chief commercial officer or Calligo, a cloud service provider offering mid-sized companies data privacy and security.
Ryan argued that many board-level individuals are not engaging with GDPR because they do not want to take the blame if something goes wrong.
“GDPR is driving a truck through one of my clients’ business model as far as I can see”
“GDPR is driving a truck through one of my clients’ business model as far as I can see,” said Ryan, speaking about a company runs a B2B introductory lead generation system.
Neil Stobart, global technical director at data storage firm Cloudian, argues: “The main concern for treasurers… will be gaining an understanding of how to assess existing data to ensure that it is being legally held and, following that, how they are able to go about cleansing it.
“Existing data will be in numerous formats and, to fall in with GDPR regulations, it will be important to have a consolidated search in place”
“Existing data will be in numerous formats and, to fall in with GDPR regulations, it will be important to have a consolidated search in place,” he tells GTNews.
Stobart recommends treasurers use a “simplified checklist” to ensure they are compliant. This would include, “ensuring existing data is legal and searchable and putting an appropriate technology solution in place for data protection and security so that it will be consistently held in a compliant fashion moving forward,” he says.
Stobart recommends doing this using object storage (also known as object-based storage) which is a computer data storage architecture that manages data as objects.
This is opposed to other storage structures like file systems which manage data as a file hierarchy and block storage which manages data as blocks within sectors and tracks.
“Object storage employs user-defined metadata alongside the user data, which provides applications and end users the ability to automatically tag data objects. These searchable content descriptors let you search and find data more easily than other methods,” explains Stobart.
For this reason, metadata is the key ingredient for GDPR compliance, argues Stobart.
Do we have the right to be forgotten on blockchain?
While being able to search, find and potentially delete metadata works well for many company records, data stored on the blockchain doesn’t comply with GDPR’s demands so easily.
“Due to the append-only data store nature of blockchain, data is unchanging and unable to be deleted”
Due to the append-only data store nature of blockchain, data is unchanging and unable to be deleted.
“I think this will be the main issue arising from GDPR for blockchain technology, as the primary objective of the regulation is to provide people with more control over their data – in particular ‘the right to erasure’ or, the right to be forgotten,” Stobart explains.
“Adoption of blockchain technology should be considered carefully when EU personal data has to be considered.
“Data erasure at request is a key tenant for GDPR, so business process needs to dictate how this technology is deployed,” he tells GTNews.