Connect with us

Hi, what are you looking for?


Four years on: What have we learnt from GDPR?

Many companies are still ending up in trouble with GDPR. Yet there are some simple measures to take.

Image: © AFP/File
Image: © AFP/File

Four years ago, the European Union (EU) launched the General Data Protection Regulation (GDPR). The regulation was designed to ensure companies are held accountable for securing and protecting consumer data. The regulation proved to be influential, inspiring similar legislation in the U.S. and other territories.

While it has improved the privacy rights for millions, major complex data challenges remain today.

In light of the anniversary of GDPR, Chad McDonald, Chief of Staff and CISO at Radiant Logic, explains to Digital Journal what these challenges are and why they matter from the business perspective.

McDonald begins by considering the complex nature of the modern firm and the vast amount of electronic data generated. He notes: “Due to the rise in digital transformation efforts, we are seeing an explosion in the number of digital identities businesses store, which makes controlling and managing identity data much more difficult.”

As an example, McDonald says: “Unfortunately, when organizations struggle to manage identity data, they are at risk for breaking GDPR rules by failing to keep identity data accurate and minimized, not to mention are more vulnerable to cyber criminals.”

The complexity continues, with McDonald  noting: “Organizations have been scattering their identity data across multiple sources and this identity sprawl results in overlapping, conflicting or inaccessible sources of data. When identity data isn’t properly managed, it becomes impossible for IT teams to build accurate and complete user profiles.”

Furthermore, McDonald  says: “It can also result in siloed systems which increases the likelihood of a failure in identity management and expands the attack surface of an organization.”

Recent cases demonstrate this: “For example, Bocconi University was fined $214,000 after the Italian Data Protection Authority discovered that the same student information had been placed into multiple, fragmented documents – violating the GDPR principles of fairness, transparency and lawfulness when it comes to data processing. Poor identity management practices provide gaps for threat actors to exploit.”

McDonald draws on further examples to make his point: “In addition to minimal visibility across data sources, businesses also lack control. Without accurate user profiles, security teams and systems are unable to figure out what users should be accessing in order to fulfil their job. The most notorious GDPR fine was incurred by British Airways, which was over $50 million for failing to limit access to applications, data and tools. With some of the largest enterprises being found guilty of breaking GDPR rules, it is time organizations look to sanitize and streamline processes when it comes to Identity Access Management.”

There are measures business units can take, and McDonald  recommends: “Using an Identity Data Fabric, organizations can unify identity data into one easy-to-use global profile which can deliver identity data, on-prem or in the cloud, in real-time from wherever and whenever needed, on-prem. With accurate identity data, security teams have complete control over who has access to what, and they can feel more confident that they’re meeting all the GDPR regulations.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


A new phishing campaign uses HTML attachments that abuse the Windows search protocol.


Too little has been done for too long. This may well be the first instalment of the payoff.


The most expensive city was found to be London, followed by Amsterdam, Chicago, Oslo and Edinburgh.


Venezuelan opposition presidential candidate Edmundo Gonzalez Urrutia speaks to reporters in Caracas on June 13, 2024 - Copyright MIZAN NEWS AGENCY/AFP/File Amir Abbas GHASEMIA...