The approaching GDPR deadline is creating a fascinating disconnect in many organizations. While data security teams focus on locking down information to achieve compliance, business leaders are preaching the gospel of digital transformation—prioritizing the free(er) flow of information. But if it seems like GDPR and digital transformation are at odds, think again. In fact, with the right strategy in place, GDPR should accelerate your digital transformation.
The key to “privacy by design”
Here’s the pattern emerging in most GDPR compliance strategies: Servers, internal networks and on-premises apps get almost all the attention. The majority of companies are considering cloud apps and storage, as well. But “privacy by design” needs to extend beyond your most critical assets that you’re already protecting—probably the least vulnerable facets of your digital ecosystem. Ironically, most GDPR plans aren’t considering the most vulnerable and most dynamic element: the endpoint (and its user).
Taking the long view on GDPR compliance (and digital transformation)
Gartner estimates that half of organizations impacted by GDPR won’t achieve compliance by the May 25 deadline. But even if you’re among the compliant half, your digital enterprise environment is constantly evolving. You can’t afford to inhibit this change. Building a giant wall around your most critical assets would stifle your digital transformation—and put your organization at a serious competitive disadvantage.
Where GDPR and digital transformation come together: the movement of information
You can boil the many elements of GDPR down to two main objectives:
- Protect data from going somewhere it shouldn’t.
- Secure data wherever it goes.
GDPR doesn’t say information can’t move—just that you need to see that movement, so you can identify and respond to potential risk. That concept—gaining visibility to enable the free flow of information—is the definition of the “digital trust” that every analyst report and white paper declares as the foundation of digital transformation.
Is your GDPR strategy focused on movement?
To make a long story short, GDPR isn’t at odds with digital transformation—it’s complementary. Organizations are too focused on preventing data movement, taking a “secure the fortress” mentality. Instead, they need to start focusing their energy on seeing how and where data moves throughout the organization—from servers to cloud apps, cloud apps to user endpoints, etc. The tools and strategies that deliver this kind of visibility are not just key to achieving “privacy by design,” but also help your organization build the digital trust to allow information to flow more freely between your assets, your apps and your people.