The Digital Personal Data Protection Bill 2022, once enacted, will change the way businesses function. The new regulatory law requires businesses to move away from legacy processes and silos and adopt a comprehensive data protection program built with resilience in mind. In an interview with Shashidhar Angadi, Co-Founder & CTO, Exterro, he discusses the importance of data protection, and how technology can lead the way towards cost-effective investments that can help businesses comply with the new regime.
The quote “Data is the new Oil” has been around for a while. Historically data protection has focused on high availability and redundancy with a focus on Recovery Time Objective and Recovery Point Objective. With the digital transformation that has occurred in recent years, enterprise viability and success relies on proper data governance. Well managed data can maximise the ability of enterprises to make effective and informed decisions for revenue growth and profitability. Most organisations require modern data protection. Modern data protection allows organisations to handle data at a petabyte scale and help them conform with tougher data protection and privacy laws. It also provides resilience against insider and outside threats. Modern data protection helps organisations deal with cyberattacks and ransomware as remote working increases proliferation of endpoints.
Data protection software provides resilience against cyber attacks and ransomware. As organisations move towards a hybrid model with on-premise and cloud systems, data protection softwares helps manage and protect data across a distributed infrastructure. Having a centralised system to manage data allows us to look at data via a single pane of glass and also look for threats and vulnerabilities and mitigate them effectively. A good data protection software helps with broader business objectives including resilience, governance and risk management.
When we look at the cyber risk that most organisations need to tackle, one area has always posed a major vulnerability: visibility into third parties. There exists a gap in knowledge about which third parties have access to organisational data and what data privacy risks arise out of the lack of third party visibility. There are also gaps in knowledge about security practices of third parties. This is why any comprehensive data protection programme will also need to understand vendor risk. With the right technology these risks can be mitigated.
Data privacy and cybersecurity are closely linked as cybercriminals often target proprietary and consumer data while perpetrating attacks. Having a robust data protection programme with nuanced tools to mitigate legal and cyber risk is more important now than even. But a data protection programme would also require organisations to harmonise data deletion and retention strategies. Put simply: data you don’t have cannot be breached. The proposed Digital Data Protection Bill 2022 calls for just that — keeping only the data that is important to essential business practices. Adopting data privacy tools can enable organisations to identify which data to retain and which data needs deletion. Such technology can also identify whether data is under another regulatory obligation, or has been requested by a customer for deletion. At its core, data minimization and cyber security are two sides of the same coin as it helps businesses establish deterrence against attacks.
To effectively comply with the law, data fiduciaries or organisations must have an effective inventory of data that resides across departments, in one centralised repository. This would be next to impossible with the sheer volumes of data being generated every day. With tools that are easy to configure and scale, organisations can create a comprehensive data inventory that provides a roadmap to meet compliance obligations, identify existing vulnerabilities, and demonstrate accountability. Automated tools can also gather information for data subject access requests within minutes and also identify which data must be retained to meet parallel compliance norms and which data needs to be deleted. These tools also have the potential to identify and address third party risk and ensure organisations are complying with cybersecurity norms too. Without a unified solution to address the massive challenge data protection presents in India, businesses would risk non-compliance and will end up paying massive fines.
While the 2023 economic environment remains uncertain, edge AI will certainly be an area of investment for organisations looking to drive automation and efficiency. Many of the trends we saw take off last year continue to accelerate with the new focus on initiatives that help drive sales, reduce costs, grow customer satisfaction and enhance operational efficiency.