Lessons learnt from 2020 and the trends in 2021
Technical and business implications of growing changes and stricter enforcement in data protection laws
Huawei hosted a webinar with an expert panel to discuss the lessons learnt on data protection in 2020 and the trends to watch out for in 2021. The speakers included Felix Wittern, Partner at Fieldfisher, a multinational law firm; Ramses Gallego, International Chief Technology Officer, Cyber Security at Micro Focus, a global software & IT company; and Joerg Thomas, Director, Data Protection Officer at Huawei. The panel offered a comprehensive view of the legal, technical and business implications that growing changes and stricter enforcement in data protection laws have for corporates in the telecoms industry. Citing the dangers of increased litigation, the panel highlighted how co-operation, focus on technology and transparency would help corporates prepare for challenges as we advance.
The shifting sands of the data protection landscape in 2020 and what it means for 2021
2020 was a challenging year for data protection – COVID-19 digital contact tracing and general health surveillance added to an already complex landscape of human rights and privacy laws. The Schrems II judgment and a looming Brexit put in play some key changes that will fully unravel in 2021. Added to this were the data sovereignty strategies of governments and stricter enforcement of the General Data Protection Regulation (GDPR), not to mention the impact of new technologies such as 5G and artificial intelligence (AI).
Elaborating on the challenges, Felix Wittern, Partner, Fieldfisher said, “There’s never a dull day in privacy! Take, for example, the Schrems II ruling that was announced in July last year – it poses one of the biggest challenges around international data transfers, outside the European Economic Area (EEA). As regulators themselves make sense of the evolving situation, MNCs that do not tread carefully will be liable for hefty fines. In fact, while COVID-19 actually slowed down enforcements, I predict a lot of litigation in this space in the future. Corporates will do well to co-operate with regulators as a common ground is reached rather than take a confrontational stance.”
He further touched upon issues such as data localization: even if data doesn’t leave the EU, the challenge of companies dealing with their subsidiaries in other countries still warrants attention. On the subject of Brexit, he mentioned that the final solution was still at least six months away, as the bridging to adequacy requirements were put to the test.
Technology: increasing the challenges but providing the solutions too
Ramses Gallego, International Chief Technology Officer, Cybersecurity, Micro Focus, provided a good overview on the technology front. He explained how data protection is not just one-dimensional but encompasses three arenas – who (identity), what (data) and how and when access is granted (application).
He said, “Living in a cloud-generation era, we are increasingly dealing with the emergence of shadow IT or shadow data where content is backed up on multiple clouds, without the knowledge of data compliance departments. Corporates need to understand the dangers in this – legal departments cannot effectively protect what they don’t know exists! Only when corporates build an ecosystem that automates and orchestrates authentication, authorization and appropriate access can we hope to create a systematic and systemic solution to the issue of data protection.”
He emphatically stated that technology itself would help create the circles of trust beyond which data should not be visible or active. He spoke about encryption and tokenization as effective risk mitigation strategies that corporates could adopt and that could stand up in a court of law in the unfortunate event of a data breach.
He concluded that as we move from 2020 to 2021, organizations will need to transition from cybersecurity to cyber resiliency, building the capacity to anticipate threats, withstand and resist attacks, recover quickly and evolve to the next stage.
Practical advice for businesses
Summing up a to-do list for undertakings, Joerg Thomas, Director, Data Protection Officer, Huawei added, “We may witness an increase in class action-style lawsuits in the personal data space in 2021-22 as aggravated parties view judicial remedy as a potentially faster way to get redress when their data rights are violated.
Businesses need to be transparent about the transfer locations of personal data and the types of data being transferred and consider the legal requirements in the receiving jurisdiction. A return to “basics” is essential – records of processing activities (RoPa), privacy notices and cookies should always be up-to-date and compliant with governing laws. From a long-term sustainable point of view, organizations will need to adopt data minimization and privacy by design and default, and at all times ensure that business continuity management (BCM) plans are in place.”
At Huawei, everything is done to build a secure environment for customers, and this includes staying abreast of the latest data rulings and regulations, identifying and mapping transfers as per the governing transfer mechanisms, providing appropriate guidance and templates, continuous study and evaluation of standard contractual clauses (SCCs) and advice on supplementary measures.