How Monitoring Software Can Help Manage GDPR Expectations While Encouraging Investment

Isaac Kohen
Aug 1, 2019
Photo: © adiruch na chiangmai stock.adobe.com

The latest PwC and CB Insights MoneyTree Report revealed that venture capital funding in the U.S. is booming, approaching dot-com era levels in the first half of 2019. So far, $54.9 billion was distributed in nearly 3,000 different deals, a number only eclipsed in 2000 when the dot-com bubble was ballooning.

This is undoubtedly good news for US startups that will use this money to develop the next generation of compelling platforms, services, and technologies.

Unfortunately, this trend isn’t making its way across the Atlantic. In the EU, which boasts the world’s second largest economy, venture capital deals are down by 25%, and those that do go through are nearly 34% less lucrative.

This startling divergence coincides with the implementation of Europe’s General Data Protection Regulation (GDPR).

Many companies are struggling to apply the law’s onerous standards to their developing projects, perhaps making them less attractive to potential investors. For instance, according to a survey by Bitkom, Germany’s digital trade association, 74% of respondents identify data protection requirements as the most arduous obstacle to developing new technologies.

When coupled with the incredible fines levied on established enterprises including British Airways and Marriott, which combined could owe nearly $350 million in penalties, venture capitalists might be spooked.

Fortunately, companies aren’t powerless in this regard. By harnessing the right technology, any organization can manage GDPR expectations through software and automation, simultaneously protecting their data and demonstrating their investment suitability.

Here are three simple steps to fortifying your data security in today’s complicated digital landscape.

#1 Account for Controllables

Most people intuitively understand that cybersecurity is a critical component of GDPR compliance and, consequently, venture capital appeal. However, while news headlines push people to pay attention to the existential possibility of an external threat compromising a company’s data integrity, the reality is that insider threats — both accidental and malicious — are a serious, and more controllable, vulnerability.

While the numbers vary, it’s estimated that insider threats contribute to 60% of data loss events. These include:

  • Negligent employees. Mishandling sensitive personal information violates users’ privacy and can lead to a significant data breach.
  • Criminal employees. From disgruntled employees to those trying to develop a second income stream, criminal bad actors abound.
  • Ignorant employees. Insiders who compromise data by falling for phishing scams and making other preventable mistakes leave organizations vulnerable to a data breach.

To put it simply, your biggest threat to GDPR compliance likely isn’t the unknown bad actor outside of your walls but the employee residing in your office.

Therefore, it’s not surprising that employee monitoring initiatives are becoming normative as companies go to great lengths to protect their users’ data. Using this technology, companies can identify insider threats, and they are equipped to protect data before their regulatory standing is compromised and their venture capital value is undercut.

There are many options when selecting monitoring software to protect customer data, but some features should be non-negotiable, including:

  • Configurability. A broad brush approach to employee monitoring can be overwhelming for employees and IT admins. Identify your purpose and align software accordingly.
  • Privacy. Monitoring employees to protect customer data doesn’t mean violating their privacy. Features like auto-redaction and time- or location-based monitoring can keep employees safe while promoting regulatory compliance.
  • Usability. If the software is too complicated to use, then it will complicate the data landscape rather than securing it.

By rightly prioritizing insider threats as part of a holistic cybersecurity initiative, organizations make their data more secure and their regulatory compliance more certain. Moreover, in a venture capital environment where investors are ready to spend on startups but are unwilling to incur the risk of backing a company prone to a data breach, it’s a great way to demonstrate efficacy in addressing today’s comprehensive threat landscape.

#2 Automate Data Management

Increasingly, companies are storing people’s most sensitive personal information, and this data is often available to all employees. This behavior might be normative in today’s digital environment, but it can make companies more vulnerable to a data loss event that violates regulatory standards.

In other words, not every employee needs unrestricted access to people’s information, and by restricting data access and movement, any company can lessen the chance that an insider threat causes a regulatory violation or worse.

The right monitoring and data loss prevention (DLP) software applies automation to data movement, which minimizes exposure and mitigates risk. More specifically, this software ensures that data access is on a need-to-know basis. When coupled with features like automatic alerts when employees attempt to download or print information, companies are empowered to play an active role in data security.

#3 Communicate Standards

Employee monitoring initiatives are not an attempt to secretly entrap bad actors. Rather, they are the technological enforcement of clearly communicated data privacy standards.

Since data privacy not only has serious regulatory implications but also plays a pivotal role in determining venture capital viability, every employee has an incentive to get this right. Therefore, communicate data handling expectations from day one, and use software to hold employees accountable to established standards.

When employees understand the technology used for monitoring, they become the best ambassadors for any data security initiative.

In the process, you will win your employees’ support by communicating the purpose and the process of data security, while putting your best foot forward at a time when data security matters more than ever before.

A Final Word

The disparity between venture capital investment in the US and the EU makes it clear that data privacy standards will play a prominent role in the next generation of startups. However, EU tech companies aren’t powerless in this regard.

By harnessing the best technology, tech companies demonstrate that holistic data security is a bedrock principle. While companies in every sector have countless reasons to pursue GDPR compliance, none may have reasons as pressing as tech startups. To continue innovating the next generation of tech platforms and to make venture capital a viable fundraising mechanism, data security is non-negotiable.

In that regard, the right tools can make all the difference.

Read the latest e-book from Teramind: #Privacy2020: Identifying, Managing and Preventing Insider Threats in a Privacy-First World.

This article was originally published on IT Security Central and reprinted with permission.

Isaac Kohen

VP of R&D for Teramind, a leading, global provider of employee monitoring, insider threat detection, and data loss prevention (DLP) solutions.