Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | Pardot Privacy Policy | Oktopost Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

The vital role of data protection within security strategies

By Deborah Dillon, Head of Protection and Privacy, Atos

Deborah Dillon

Privacy functioning across disciplines

Personal data is now widely used by organizations across the public and private sector to provide better personalization of services and to give organizations competitive advantage. Because of this, protection of personal data has become a vital aspect of digital security in order to maintain the trust of consumers and citizens.

If consumers believe their data is not being appropriately managed, they could withdraw the right for organizations to use it. This debate is currently ongoing in the UK with patients now given the option by the National Data Guardian to opt out of sharing their data with the NHS. This move came as a result of citizens not trusting that the appropriate privacy measures were in place to secure their data and anxiety over its ability to be sold or shared with third parties. Privacy must be considered as a vital ingredient to business strategy, which means it needs to be understood from board level to operations within an organization. It can no longer serve as a function that sits solely within legal and compliance, it must be cross- discipline and its importance must be understood by all.

Putting privacy at the heart

Understanding data classifications and how it must be stored and processed is a vital aspect of maintaining its integrity in accordance with privacy laws. This requires having the right processes, tools, and technologies in place to encrypt and safeguard to the right level.
The introduction of GDPR recognized that digital transformation brought increased complexity to the area of privacy and Article 32 requires Data Controllers and Data Processors to implement technical and organizational measures that ensure data security appropriate to the risk presented by processing personal data.
Privacy must be built into digital security planning with privacy by design principles in place and data privacy impact assessments as standard. There must be an awareness of what data is being held, how sensitive it is, and what the ramifications of any data breach would be. Under GDPR, there is a 72- hour timeframe in place for reporting a data breach to the Regulator. An understanding of what constitutes a serious data breach and what needs to be in place to manage any fallout should one occur needs to be in place, preferably at board level or with direct access to the board if necessary.

Scenario planning

For this, a data management playbook that roleplays the management of a serious data breach can be useful. You cannot wait until something happens. You need everything pre- prepared in your back pocket to manage any breach should it occur. The hours following a breach are critical to organizations to limit any fall out and damage. Maintaining a relationship with consumers who are giving organizations access to their data is absolutely vital, knowing how and when to communicate is key. There has been an increase in public prosecutions for data breaches and this has the potential to become a serious issue for organizations. Law firms have identified this risk as a new revenue stream and, in some instances, they are chasing and encouraging consumers to bring privacy cases against organizations.

The role of privacy in ethical design

Developing ethical frameworks and standards must be the next step in ensuring privacy laws are not only followed but also improved upon and future-proofed. This is particularly important as the use of technologies such as artificial intelligence (AI), machine learning (ML) and automation have the potential to unwittingly cause harm.
Atos leads the way in ethical design principles for digital, having enshrined the concept within its raison d’être. Working with competitors and the European Union on developing ethical frameworks for design is an ongoing workstream.
If you look at the origins of privacy,
it was brought in after the Second World War to guard against abuses by any authoritarian regime. The right of citizens to know their data is not going to be used in a way that has the potential to harm them is vital. The data genie is out of the lamp, we cannot put it back, but we can guard against misuse of the power it brings.

According to Gartner, privacy is no longer “just a part of” compliance, legal or auditing, privacy is becoming an increasingly influential, defined discipline of its own, affecting almost all aspects of an organization. As a rapidly growing stand-alone discipline, privacy needs to be more integrated throughout the organization.

Share this Page

By Deborah Dillon, Head of Protection and Privacy, Atos