Technology, such as encryption and firewalls, can only go so far to protect an organisation's data; culture is just as important, if not more so. This is according to Phil Bindley, CTO of The Bunker, who warns that organisations are fighting a losing battle if they fail to get company culture right. Data streams throughout organisations and is often used by everyone in some way. This means that without a cultural appreciation of how data should be treated, the risk to GDPR compliance remains high.
The GDPR is designed to better protect citizens' data and harmonise legislation across Europe. The regulation brings a number of new guidelines for organisations in relation to Personally Identifiable Information (PII). To ensure a best-practice approach to securing data, business leaders need to create a culture of information security by embedding sound processes within their organisations.
Phil Bindley, CTO of The Bunker, explains: "With the GDPR coming into force, a culture of information security has a major part to play in ensuring firms are able to demonstrate and maintain compliance. Although technology is an important factor, what it fundamentally comes down to is people and processes. It's not about building a bigger firewall, it's about changing the way organisations and their employees behave and treat the data that they hold on behalf of their customers.
"Information security professionals have a huge part to play in creating this culture. They need to speak the language of the board so they can explain the commercial benefits of behaving in a secure way. Businesses need to instil sound practices and ensure all staff look through a lens of data security. It's vital to have a complete picture of everything that has the possibility to impact security. Everyone within a business needs to think about what they do...