There is no doubt that the near-instant ability to access or process data is completely changing the way we work, consume, organise and socialise. More and more of the global population are becoming connected to the internet, giving them access to goods, services and information on demand. Whilst the growth of connected users has been rapid, corresponding efforts to understand the data and security landscape have been slower. In addition, where easier access to data, goods and services is good for users and customers, it also makes it easier for those who want to steal data, disrupt services or commit other types of criminal activity online. The more innovation and technology are enabled, the more risks are posed to customers, businesses and organisations.
One of the ways to tackle this is at the national/international level. The European Union has been active in recent years with two initiatives aimed at making its citizens more secure. The General Data Protection Regulation (GDPR) aims to ensure that personal data is allocated sufficient protections with significant financial penalties for organisations failing to comply. One of the benefits to consumers of this regulation is that it has raised awareness that their personal data belongs to them, and that they have certain rights about how that data is stored and processed. It has also introduced a burden on companies and organisations to comply with the GDPR. This means that regulation design must closely balance data protection with limiting the implementation and operating burdens on companies and organisations.
The Directive on security of network and information systems (NIS Directive) is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU and targets critical national infrastructure in two areas: Operators of Essential Services, which are established within the EU, and Digital Service Providers that offer services to people within the EU. This is successfully raising the profile of what constitutes critical national infrastructure and is both compelling and assisting those affected in improving security as society becomes more connected.
Another option is to target selected industries by demonstrating the benefits of solving these issues through a common approach. As long as the benefits can be demonstrated to outweigh the challenges, buy-in from companies and organisations should be much less complicated. The normal challenges of different appetites, working cultures and even time zones can be overcome with a clear strategy. More difficult challenges may be as follows:
- Building relationships between organisations that may well be in direct commercial competition with each other.
- Understanding and absorbing different regional regulations.
- Demonstrating a return on time and cost.
- Avoiding breaches of regulation, such as anti-competition rules.
However, the benefits for organisations that collaborate in order to build models that can address and implement regulations and standards can include:
- A shared cost burden.
- Efficiency, in that organisations using similar business and operating models reduce friction when interacting – this is particularly important in international supply chains, or where different companies are involved in delivering one product.
- Strength in numbers whereby organisations and companies can effectively communicate challenges to regulators as a single unified voice.
- Identifying common risks and addressing them in a uniform manner.
During the panel session on “Regulating the future: safe, inclusive, connected” at ITU Telecom World 2019 in Budapest this September, I will address these challenges and opportunities in more detail and talk through some of the ways to effectively enable industries to solve these issues. I look forward to a lively and interesting discussion!