The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Accountability the Next Step in Data Protection

by Chris Brook on Tuesday April 9, 2019

Contact Us
Free Demo
Chat

The UK’s Information Commissioner stressed in a speech on Monday that nearly one year into GDPR, the regulation is at a critical stage.

There have been tremendous strides in data protection since the implementation of the General Data Protection Regulation last May but there's still plenty more to be done from an accountability perspective, according to the UK's Information Commissioner.

Elizabeth Denham, Britain’s Information Commissioner since 2016, reflected on the GDPR, data protection achievements and challenges in a keynote speech at the Data Protection Practitioners' Conference in Manchester on Monday, and stressed that she hasn't seen data protection, as a culture, shift from compliance to accountability.

“I think even so early in the new law’s lifespan, we’re finding ourselves at a critical stage,” Denham said, “For me, the crucial, crucial change the law brought was around accountability. Accountability encapsulates everything the GDPR is about.”

Because of this deficiency, Denham told the crowd she thinks there's a real opportunity for data protection professionals to bridge that gap and "have a real impact on that cultural fabric of [their] organization, beyond bolt on compliance work.”

In Denham's eyes, the next wave of GDPR needs to look past compliance and zero in on comprehensive data protection, a concept that embeds what the Commissioner calls sound data governance into business processes. 

The Commissioner gave three examples of data protection professionals who are going above and beyond in the industry and satisfying this rationale.

The shortlist includes legal experts who double as business analysts and can comprehend how data protection fits with the vision of the organization, “where it can be imperative, positive and transformative,” professionals who coach and have built a network of ambassadors within the business that understand what needs to be done, along with marketers, who have mastered ways to "get people to look up from their day jobs and realize they all need to buy-in."

While not a new concept, it's the second time in the last several weeks that Denham has harped on the theme of accountability - one of the seven key principles of GDPR - as it relates to data protection.

In South Africa, at a speech at the International Conference of Information Commissioners (ICIC) last month, Denham said the ICO as a group is committed to the advancement of transparency, accountability, and democracy, acknowledging the themes unite everyone and are the basis for collaboration and combating challenges.

The concept of accountability essentially requires organizations to take responsibility for what they do with personal data. The concept, per the EU's Data Protection Supervisor, requires orgs to put in place the appropriate technical and organizational measures to be able to demonstrate what they did and its effectiveness when requested.

Tags: Data Protection, GDPR

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.

Recommended Resources


  • Understand technologies that enable compliance
  • Common pitfalls and challenges to be aware of
  • How to build a sustainable GDPR compliance program
  • The people, process, and technology impacts of GDPR
  • The top challenges to GDPR compliance
  • How to address them and improve your GDPR position