Data protection is the most pressing item on the business agenda for organisations around the world today. Since the Cambridge Analytica scandal, the tech industry, investor market and general public have been waiting to see the real impact of Facebook selling its users’ information to third parties.
Now we know.
Over a 48-hour period in late July, Facebook saw $119 billion wiped off its market cap. The valuation of the company fell from $620 to $500 billion dollars, and founder Mark Zuckerberg woke up $17 billion poorer. Additionally, user growth declined across Europe as trust fell in Facebook’s ability to provide adequate data protection.
GDPR (General Data Protection Regulation) is simultaneously one of the most mundane yet terrifying acronyms of recent times, the most obvious manifestation of a wider data privacy narrative. Since its introduction, we’re all once again on tenterhooks to see who will be the first to get slapped with a massive fine for mismanaging their user data. So far, there have been small breaches of the regulation that have resulted in reprimands and guidance on best practice, but rest assured there will be a high-profile case sooner rather than later.
The market has spoken. People care about their data and authorities care about how businesses use it. There is a clear risk to businesses who slip up, so companies are now being forced to pull their best security or management staff out of their day jobs and re-focus them on managing data protection. Without upskilling them or having dedicated experts, many companies have non-specialists in a role which requires expert knowledge and best practice. You wouldn’t let the CTO take on your accounting, so why is someone in IT in charge of data protection without proper training? It’s a dangerous precedent to set and highlights the issues in talent management that still dog businesses of all sizes in the current market.
The answer? Outsource your data protection offering. By ensuring that vital tasks are handled by talent that is best-placed to do so, business can meet a very specific skillset, guaranteeing longevity, as well as a process and a set of standards to ensure the organisation – and its entire supply chain, often not even considered in the process – remains compliant.
The International Association of Privacy Professionals estimates that up to 75,000 Data Protection Officers (DPO) will be needed as a result of GDPR. Helpfully, Article 37(5), of the GDPR expressly provides that a DPO can be either a staff member or a contractor, thus enabling the enterprises to look for highly qualified, outsourced talent to help them meet the challenge of data compliance.
With security roles in dramatic demand, security threats on the increase and a well-publicised tech skills shortage, outsourcing data protection to allow your existing staff to deliver value in their specialised roles may just relieve some pressure on decision–makers.