GDPR Is Six Years Old: What Is Its Impact On AI?

The 25th May marks the 6th anniversary of GDPR, the EU’s data protection regulation. Its introduction was met with mixed reviews, with some praising it for overhauling data protection in the region, while others saw it as an insurmountable challenge due to the overhaul it brought to data management practices. But has the sentiment changed 6 years on? 

We have collected commentary from leading tech and security businesses to understand their views on GDPR and what the future may hold for the regulation. Let’s find out what they have to say.  

Matt Cooper, Director of Governance, Risk and Compliance, Vanta: "Another year older doesn’t necessarily mean another year wiser - a lesson we’re learning on GDPR’s 6th anniversary.
 
"Many businesses across Europe are still struggling to adapt their data management practices to meet the regulation's strict requirements 6 years on. And despite significant efforts, staying in compliance with GDPR remains a resource-heavy task that often demands continuous monitoring and regular audits.
 
"To complicate matters further, AI has become a must-have for many businesses to stay competitive, which is introducing new data privacy risks. This is spreading resources even thinner than before, as businesses are having to adopt robust AI governance frameworks to ensure said novel risks are mitigated, while still grappling with the relatively new GDPR rules. The impact of this is already being felt, with 57% of UK businesses reporting that secure data management has become more difficult with AI adoption, according to Vanta’s 2023 State of Trust report.
 
"However, with risk also comes opportunity. AI has proven particularly effective at automating manual tasks, and streamlining compliance processes is no exception. Businesses can use the technology to automate evidence collection and continuously monitor compliance, reducing the burden on their security teams.
 
"GDPR has proven a challenge since its introduction. While its 6th anniversary shows that there may be a light at the end of the tunnel for those struggling, rapid corporate adoption of AI will make it darker before it gets lighter."
 
Agur Jõgi, CTO, Pipedrive: “The review of GDPR by the European Commission serves business leaders a reminder to keep data policy constantly up to date. In any organisation, data flows in an interconnected network. However, this is just one piece of the data puzzle – added layers of complexity with external data sharing means attention needs to be paid to watertight compliance. This is why it’s vital for companies to work with trusted partners when considering data protection.
 
"If you’re contracting a data processor to carry out certain processing activities on your behalf, such as using a CRM platform for your sales team, you need to know that they are laser-focused on any legislative changes. According to article 28 of the GDPR, the relationship between a data controller and a processor needs to be made in writing, through a data processing contract. And, as the importance of AI skyrockets up the corporate agenda, robust data agreements need to account for machine learning applications crunching large volumes of sales data, enabling continuous compliance and safety. As data transfers happen, inside and outside the EEA, data processors should keep up to speed with the implications that EU GDPR has for businesses.
 
"The fact of the matter is that regulators can exact a heavy toll on companies that don’t meet data protection standards..."

"For especially severe violations, the fine framework can be up to 20 million euros or up to 4% of total global turnover of the preceding fiscal year. This is why scrutinising all data checkpoints is business-critical, so that organisations can continue to operate in a secure and safe environment with data, and in turn maintain the loyalty and trust of their customer base.”
 
Eduardo Crespo, VP EMEA, PagerDuty: “The European Commission will undertake a major review of the GDPR framework this month. This review offers leaders a chance to interrogate data security policies, especially in context of next generation technology. It is important that data protection isn’t viewed as just another frustrating piece of bureaucratic red tape – it is designed to protect data privacy, reinforce consumer trust in companies and keep transparency of processes top-of-mind. Data protection, through measures like EU GDPR, relies on two pillars in an organisation: the right technology and the right skills to use it.
 
“Understanding EU GDPR, especially in the context of rising interest in AI, is key. In the market, across digital products and services, there is a mounting keenness to explore emerging technologies..."

"In our State of Digital Operations Report, we found that more than three-quarters of companies are pursuing automation, but there is a lag in adoption. The reason we’re not seeing a full surge in AI for organisations is that data security concerns are acting as a blocker, coming out as a top concern to a third (34%) of business and IT decision-makers, mirroring those concerns of AI.
 
“Organisations who fail to act or deploy enterprise operations solutions and AI do face the risk of falling behind early adopters. With the volume of data and content to store and secure, across retail, media, financial services and a host of other sectors, security and cloud investments need to remain both timeless and timely in the IT world, especially with the backdrop of EU GDPR review. At the ship’s helm, leaders have a responsibility to prioritise risk reduction, revenue protection, and operational resilience, while ensuring that data flows in a safe and secure way. These are precisely the outcomes companies can aim for with concrete data strategy, as well as collaboration with the right data processors, who are eagle-eyed when it comes to regulation-related updates.”
 
Michel Isnard, VP of EMEA, GitLab: "GDPR played a pivotal role in ensuring that organisations recognise that they must integrate privacy, security, and compliance throughout their processes to manage risk effectively and add business value.
 
“The growing need for data to build and fine-tune AI applications, coupled with an ever-increasing number of data breaches, indicates that adherence to GDPR has never been more important..."

"With software delivery in particular, the need for developers to invoke secure-by-design principles becomes even more critical. Secure-by-design principles ensure the entire development lifecycle has the necessary controls to address vulnerabilities specific to each phase of the software delivery process. It also requires tighter collaboration between developers - with clear functional knowledge of how software should work - and teams with a better understanding of the legislative, regulatory, and security requirements impacting the business. Implementing a framework incorporating the secure-by-design principles streamlines software development and ensures more robust security and compliance and better-governed software."
 
Nikolaz Foucaud, Managing Director, Coursera EMEA: “The European Commission’s GDPR review is arriving at a critical juncture, as any vision for data protection needs to now account for AI’s profound structural impacts. With LLMs requiring vast datasets for their training and refinement, it is imperative to ensure that data privacy and protection checks and balances are in place, especially as leading GenAI players seek competitive edges. For the UK, with its own GDPR framework, eyes will be firmly fixed on the European Commission to assess the result of legislative review.
 
"As AI usage is likely to be increasingly regulated, data protection officers need to be focused on regulatory alignment across borders, and this process will require a fair deal of cross-border collaboration around clear-cut AI strategy. In the UK, to ensure solid management of any regulatory needs, having widespread data compliance literacy will be vital for all organisations. British companies cannot afford to fly blind when it comes to regulation, especially as penalties for non-compliance can be up to £17.5 million or 4% of annual global turnover.
 
"Ensuring that there are appropriate skills within departments to manage ever-increasing datasets in line with new compliance obligations must be a top priority for Britain’s people leaders..."

"EU GDPR review will likely signal a need to change policy and procedure in the UK, and successful implementation will only be possible if businesses possess the necessary skill sets. Keeping data and compliance skilling opportunities available across organisations will help data protection experts adapt to ever-evolving regulation.”

Image: GOCMEN
