Safeguarding Aussie data with GDPR

Digital transformation has enabled businesses to quickly respond and adapt to challenges brought on by the global pandemic. But at the same time, new data privacy concerns have emerged as organisations increasingly rely on user data and more employees access sensitive information from home.

With the Australian Cyber Security Centre (ACSC) reporting a 13% increase in cybercrimes in the period between June 2020 and July 2021, there is an urgent need for organisations to strengthen their data protection policies to avoid falling prey to these cyber risks.

Going into the fifth year of the General Data Protection Regulation (GDPR), it is time to rethink how we look at data protection — particularly in the age of hybrid working — and if the world's toughest privacy law remains applicable today.

A global snapshot

Compared to the American-Chinese duopoly, Europe's approach to digital governance in data privacy has set a precedent for regulatory regimes across the world.

China passed a new personal data privacy law, modelled in part after GDPR, in November last year while the European Commission and the United States have recently committed to a new Trans-Atlantic Data Privacy Framework on trans-Atlantic data flow in March.

Data transfer, however, remains highly regulated and data exporters must continue to comply with the existing case-law of the Court of Justice of the European Union (EU), according to the European Data Protection Board.

At a time when data security and sovereignty play a crucial factor in organisational innovation and expansion in the competitive global market, a new approach is necessary to build the next generation of cloud computing that guarantees secure data infrastructure.

So why does Europe stand out as a leader in transparent and open data security principles?

An alternative approach to data privacy

Already, organisations are recognising the necessity of a secure data ecosystem. In a recent KPMG white paper, respondents ranked data security and sovereignty as the important criteria for choosing cloud providers, ahead of other criteria such as service and quality. Some have even slowed down or given up cloud migration due to a lack of knowledge of providers’ ability to ensure data sovereignty.

Through the GAIA-X project, Europe is taking the next step towards establishing a sovereign digital ecosystem for its cloud providers. This initiative is designed to comply with GDPR principles and European data laws, providing organisations with a common set of guidelines and requirements for data storage and transfer for cloud services.

Based on values of transparency, openness, data protection and security, the European cloud initiative addresses key business concerns such as sovereignty and portability. On top of that, it also ends lock-in practices and provides the opportunity for data exchange between industry sectors and players.

This 'alternative' approach not only ensures that the European cloud model is easy, transparent and affordable for users but, most importantly, helps to build trust in the cloud. This is critical to provide customers with the assurance that when they adopt cloud technologies, they're better able to navigate the challenges of today's digital environment.

GDPR outlook in Australia

While GDPR has marked a global shift in data protection and privacy across various industries since its inception, many businesses in Australia are unaware that they may be subject to GDPR, despite not being physically based in Europe.

It is important to remember that GDPR targets not only European-based companies, but also companies that provide services to European customers or obtain and transfer any EU citizen's personal sensitive information outside of Europe.

The KPMG research also revealed that, despite recognising the importance of GDPR compliance, 89% of C-suite officers are unsure how to approach it. This indicates that strong public–private partnerships are needed to help organisations better understand the requirements and deploy good data governance policy.

As Australia progresses towards compliance with the GDPR and data privacy requirements, local businesses must ensure they stay ahead of their competitors in terms of their data protection standards, especially if their competitors are operating in Europe. Additionally, it will be critical for organisations to find the balance between protecting personal data whilst allowing for continual innovation with such data.

Looking back on the four years since GDPR came into effect, there is no doubt that it has become the 'gold standard' for data protection in Australia and across the globe. With data protection being a competitive factor, frequently taken into consideration to build consumer trust, it is vital that businesses in Australia adopt Europe's GDPR standards to ensure the highest level of data protection possible.

Image credit: ©stock.adobe.com/au/md3d