GDPR Is Six Years Old: What Is Its Impact On AI?

The 25th of May marks the 6th anniversary of GDPR, the EU’s data protection regulation. Its introduction was met with mixed reviews: some praised it for overhauling data protection in the region, while others saw it as an insurmountable challenge because of the upheaval it brought to data management practices. But has the sentiment changed 6 years on?

We have collected commentary from leading tech and security businesses to understand their views on GDPR and what the future may hold for the regulation. Let’s find out what they have to say.  

Matt Cooper, Director of Governance, Risk and Compliance, Vanta: "Another year older doesn’t necessarily mean another year wiser - a lesson we’re learning on GDPR’s 6th anniversary.
 
"Many businesses across Europe are still struggling to adapt their data management practices to meet the regulations' strict requirements 6 years on. And despite significant efforts, staying in compliance with GDPR remains a resource-heavy task that often demands continuous monitoring and regular audits.
 
"To complicate matters further, AI has become a must-have for many businesses to stay competitive, which is introducing new data privacy risks. This is spreading resources even thinner than before, as businesses are having to adopt robust AI governance frameworks to ensure said novel risks are mitigated, while still grappling with the relatively new GDPR rules. The impact of this is already being felt, with 57% of UK businesses reporting that secure data management has become more difficult with AI adoption, according to Vanta’s 2023 State of Trust report.
 
"However, with risk also comes opportunity. AI has proven particularly effective at automating manual tasks, and streamlining compliance processes is no exception. Businesses can use the technology to automate evidence collection and continuously monitor compliance, reducing the burden on their security teams.
 
"GDPR has proven a challenge since its introduction. While its 6th anniversary shows that there may be a light at the end of the tunnel for those struggling, rapid corporate adoption of AI will make it darker before it gets lighter."
 
Agur Jõgi, CTO, Pipedrive: “The review of GDPR by the European Commission serves business leaders a reminder to keep data policy constantly up to date. In any organisation, data flows in an interconnected network. However, this is just one piece of the data puzzle – added layers of complexity with external data sharing mean attention needs to be paid to watertight compliance. This is why it’s vital for companies to work with trusted partners when considering data protection.
 
"If you’re contracting a data processor to carry out certain processing activities on your behalf, such as using a CRM platform for your sales team, you need to know that they are laser-focused on any legislative changes. According to Article 28 of the GDPR, the relationship between a data controller and a processor needs to be made in writing, through a data processing contract. And, as the importance of AI skyrockets up the corporate agenda, robust data agreements need to account for machine learning applications crunching large volumes of sales data, enabling continuous compliance and safety. As data transfers happen, inside and outside the EEA, data processors should keep up to speed with the implications that EU GDPR has for businesses.
 
"The fact of the matter is that regulators can exact a heavy toll on companies that don’t meet data protection standards..."

"For especially severe violations, the fine framework can be up to 20 million euros or up to 4% of total global turnover of the preceding fiscal year. This is why scrutinising all data checkpoints is business-critical, so that organisations can continue to operate in a secure and safe environment with data, and in turn maintain the loyalty and trust of their customer base.”
 
Eduardo Crespo, VP EMEA, PagerDuty: “The European Commission will undertake a major review of the GDPR framework this month. This review offers leaders a chance to interrogate data security policies, especially in the context of next generation technology. It is important that data protection isn’t viewed as just another frustrating piece of bureaucratic red tape – it is designed to protect data privacy, reinforce consumer trust in companies and keep transparency of processes top-of-mind. Data protection, through measures like EU GDPR, relies on two pillars in an organisation: the right technology and the right skills to use it.
 
“Understanding EU GDPR, especially in the context of rising interest in AI, is key. In the market, across digital products and services, there is a mounting keenness to explore emerging technologies..."

"In our State of Digital Operations Report, we found that more than three-quarters of companies are pursuing automation, but there is a lag in adoption. The reason we’re not seeing a full surge in AI for organisations is that data security concerns are acting as a blocker, coming out as a top concern to a third (34%) of business and IT decision-makers, mirroring those concerns of AI.
 
“Organisations who fail to act or deploy enterprise operations solutions and AI do face the risk of falling behind early adopters. With the volume of data and content to store and secure, across retail, media, financial services and a host of other sectors, security and cloud investments need to remain both timeless and timely in the IT world, especially with the backdrop of EU GDPR review. At the ship’s helm, leaders have a responsibility to prioritise risk reduction, revenue protection, and operational resilience, while ensuring that data flows in a safe and secure way. These are precisely the outcomes companies can aim for with concrete data strategy, as well as collaboration with the right data processors, who are eagle-eyed when it comes to regulation-related updates.”
 
Michel Isnard, VP of EMEA, GitLab: "GDPR played a pivotal role in ensuring that organisations recognise that they must integrate privacy, security, and compliance throughout their processes to manage risk effectively and add business value.
 
“The growing need for data to build and fine-tune AI applications, coupled with an ever-increasing number of data breaches, indicates that adherence to GDPR has never been more important..."

"With software delivery in particular, the need for developers to invoke secure-by-design principles becomes even more critical. Secure-by-design principles ensure the entire development lifecycle has the necessary controls to address vulnerabilities specific to each phase of the software delivery process. It also requires tighter collaboration between developers - with clear functional knowledge of how software should work - and teams with a better understanding of the legislative, regulatory, and security requirements impacting the business. Implementing a framework incorporating the secure-by-design principles streamlines software development and ensures more robust security and compliance and better-governed software."
 
Nikolaz Foucaud, Managing Director, Coursera EMEA: “The European Commission’s GDPR review is arriving at a critical juncture, as any vision for data protection needs to now account for AI’s profound structural impacts. With LLMs requiring vast datasets for their training and refinement, it is imperative to ensure that data privacy and protection checks and balances are in place, especially as leading GenAI players seek competitive edges. For the UK, with its own GDPR framework, eyes will be firmly fixed on the European Commission to assess the result of legislative review.
 
"As AI usage is likely to be increasingly regulated, data protection officers need to be focused on regulatory alignment across borders, and this process will require a fair deal of cross-border collaboration around clear-cut AI strategy. In the UK, to ensure solid management of any regulatory needs, having widespread data compliance literacy will be vital for all organisations. British companies cannot afford to fly blind when it comes to regulation, especially as penalties for non-compliance can be up to £17.5 million or 4% of annual global turnover.
 
"Ensuring that there are appropriate skills within departments to manage ever-increasing datasets in line with new compliance obligations must be a top priority for Britain’s people leaders..."

"EU GDPR review will likely signal a need to change policy and procedure in the UK, and successful implementation will only be possible if businesses possess the necessary skill sets. Keeping data and compliance skilling opportunities available across organisations will help data protection experts adapt to ever-evolving regulation.”

Image: GOCMEN
