Kronstadter Str. 4
81677 München, de
+44 (20) 71832-833
Varonis welcomes new EU data privacy rules: "Balances the needs of users for the first time."
According to the data governance specialist, the new rules are an excellent balance between the very real data privacy needs of citizens against the practical issues of managing data within the modern corporate environment.
"Notice I said practical issues. Many IT security professionals have expressed concerns about the technical problems associated with managing, protecting and auditing access to their growing data stores. While these concerns are understandable, the reality is that with the correct technology in place - these issues can easily be solved," said David Gibson, the firm's director of strategy.
"Many organisations have been struggling with non-existent or limited permissions management, classification, and auditing capabilities included with their data stores, but new Metadata framework technologies can provide intelligence, automation, and control across multiple platforms to allow C-level executives to sleep easy in their beds at night," he added.
According to Gibson, whose firm specialises in providing intelligence and control for the often-overlooked - and often-unsecure - area of unstructured data, the introduction of a single set of privacy standards for all EU territories is long overdue, although he notes that the migration to the new rules may be a complex process for some multinationals - and those firms who are pushing into new countries for the first time.
"The key issue in the new rules that made me sit up and take notice," he says, "is the requirement that any company maintaining personal information - be that customer records, internal human resources directories or any other list - will have to comply with the new rules, and be able to show how and why they are using personal data."
There have been, he explained, some fears that the planned five per cent turnover penalties were too high. While a two per cent maximum will please many industry onlookers, it will still act as a very positive deterrent for any company thinking they can simply hope for the best with their actual data protection systems.
One area that Gibson says he particularly welcomes is the requirement that companies that misplace any personal information must immediately notify the regulatory authorities - and all concerned parties - as is the additional requirement for companies with more than 250 staff to appoint a data protection officer.
"This latter requirement is excellent news. The appointment of a data protection officer will help focus the attention of many more companies on what has become a major issue for everyone in this digital age - and help ensure that the vast majority of firms do a lot more than simply pay lip service to the new regulations," he said.
"The application of the rules to non-EU entities - especially those in the US - that want to offer their goods and services into the EU - is also to be welcomed, as it helps to balance parallel requirements under the US Sarbanes-Oxley governance rules, for example," he added.
"Yes, there will be a lot of moaning and groaning about the new rules, but I predict that - as we have seen with the PCI DSS governance rules - after a short while, they will become the accepted business practice and part of the data protection and management landscape. And that is a significant move forward for everyone."
For more on Varonis Systems: http://www.varonis.com
For more on the EU data privacy rules: http://bit.ly/AxgaE2
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to firstname.lastname@example.org.