Industry commentary on Data Protection Day
Mr. Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies, India
“Data Protection Day serves as a global reminder for one of the most important responsibilities of any organization, which is to keep sensitive and mission-critical data secure. Today, many organizations in India and around the globe are exposed to sophisticated vulnerabilities, as their infrastructure and data security framework is inadequate. Malware, ransomware and cyber threats have become more specialized and penetrative. Once a lapse is identified, attackers can misuse the data and create situations in which data, once lost, may not be recovered.
With the hybrid work model, organizations also process complex amounts of data in environments where frequent exchange of data may occur from multiple touchpoints. The influence of emerging tech like cloud-native applications, Kubernetes containers, and AI in day-to-day business activities also increases the risk of misuse of data due to the lapse in the upkeep of cybersecurity goals and IT infrastructure, making organizations vulnerable to cybersecurity threats.
Consumers are also constantly discovering the information that is collected about them, how that data is used, and how daily breaches put that information at risk. Consequently, organizations must make security a top priority to maintain consumer trust and remain compliant with regulations.
To address these challenges, a few steps that organizations must take, include, an accurate inventory of data. This is critical for adhering to data privacy regulations, such as GDPR. Many organizations may not know the information they have or where it is going, thereby making it difficult to protect it. Additionally, solutions that dynamically allow or deny access based on contextual factors like a user’s location, device type, or job function are highly favorable, along with data loss prevention (DLP) capabilities. India is also taking steps to implement a data protection framework that incorporates many elements of the GDPR.
Ultimately, in today’s highly regulated data environment, Indian organizations need to adopt and build effective compliance strategies to achieve business value. Organizations with low levels of data protection and data governance frameworks need to change quickly.”
Sandeep Bhambure, Vice President & Managing Director, Veeam India & SAARC
“Data privacy has become a high priority for corporations across India, owing to factors such as increased global business operations and outsourcing of work to specialists outside of the organisation. Furthermore, the increased adoption of hybrid working models has made data maintenance and security more difficult. The significant increase in digital convergence has made it possible to easily exploit data beyond the stated intentions. This has added additional responsibility on organizations to protect the personal data of its employees and customers. Gartner predicts that by 2024, worldwide privacy-driven spending on data protection and compliance technology will exceed USD 15 billion annually. The Indian Government too has proposed a data protection law for data privacy assurance to support the ongoing issue around data privacy breaches. These standards seek to provide a privacy assurance framework for organizations to establish, implement, maintain and continually improve their data privacy management system.”
Rajesh Ganesan, Vice President, ManageEngine
“As the union government gears up to introduce laws to protect consumer data, organisations should bear the onus of educating their employees. Data protection is only successful when all components within the infrastructure—including all employees—are prepared to handle it. To do this efficiently, data protection must be built right from the design stages of all services and operations. It should be present as a strong, invisible layer. It is best to educate employees on the do’s and don’ts of data protection in a way that is contextually integrated into their work, as opposed to relying solely on periodic trainings. Given the forthcoming legislation, corporate data management is more important than ever, and it’s up to business leaders to create the teams, structures, and expertise to keep all their corporate data well-protected and staying compliant in 2022.”
Kumar Vembu, CEO and Founder, GOFRUGAL
“It’s time to understand what freedom means, mainly digital freedom. We leave our digital trails whenever we engage digitally. Algorithms have started using the data to condition our minds, influence, and sometimes even dictate what we should be doing in the future.
Data protection is all about freeing ourselves from digital slavery. The goal of data protection is to give power to the data owner. It is the capacity to decide what data should be stored, how it should be used or not used, and to make sure they don’t end up as slaves to the machines.
Data protection means empowerment to the consumer so that they have the freedom of choice every time they shop. It is about establishing a level playing field and healthy competition in business. Most importantly offer a guarantee about the security and safety of personal and business data.
On this data protection day, let us commit ourselves to understanding our rights to enjoy our freedom as digital citizens.”
Yogesh Badwe, Chief Security Officer, Druva
“Data privacy had a big year; hybrid work opened the floodgates to new data security and privacy risks, there were eye-watering fines from high profile data breaches and new privacy laws such as the China Personal Information Protection Law (PIPL) went into effect as more regulations continue to surface. The India Data Protection Bill will likely be passed in February and a federal data privacy regulation is even under serious discussion in the United States. Regardless of how the data privacy landscape continues to evolve, there are fundamental steps every business can take to put privacy first and protect the personal data of both employees and customers.
This year’s Data Privacy Day is an opportunity for businesses to take inventory of their protection practices and identify what more they can do to build trust. Keeping the end user’s privacy interests at heart and leading with transparency is a fool-proof strategy; it will never fail. Seize the moment by reviewing data processing activities to understand what’s being collected, how it’s being stored, and who it’s being shared with – and more importantly, if all of this information must continue to be collected and stored long term. Organizations should look to leverage the cloud to streamline governance and achieve data resilience at scale. Just in the last week, the Biden administration has mandated federal agencies to more widely deploy cloud technologies in an effort to strengthen the nation’s defenses. Now is the time to act before violations result in fines, loss in customer trust, or worse.
Data Privacy Day is only an annual reminder, but we must work to collectively put data protection at the forefront every day afterwards. By taking these fundamental steps, businesses will be that much closer to improving their resiliency and successfully navigating today’s new landscape.”