Europe’s incoming GDPR rules encourage “good cyber hygiene” amidst an increasingly risky environment, according to tech firm Becrypt.

The new information security rules sweeping across Europe in May 2018 provide an incentive towards good practices. The General Data Protection Regulation (GDPR) rules encourage “good cyber hygiene” amidst an increasingly risky environment. That is the message of Bernard Parsons, CEO and co-founder of UK-based cyber security firm Becrypt.

GDPR: Final countdown | Read more

“The incentive behind GDPR is to have good practices. It’s not just the consumer that can benefit from best practices and high standards of data privacy. The organisation can benefit by increased focus on the business processes that call on that data, and the infrastructure deployed to protect that data,” said Parsons.

He says his firm went through its own GDPR readiness exercises, looking for opportunities to improve how things are done to reduce the risk of a breach and tighten up processes. GDPR’s focus on why data is collected and how it is stored and managed is the perfect opportunity for businesses to become more efficient in handling data and discover new opportunities for how they can use it, Parsons suggests.

He said: “It’s all good, sensible cyber hygiene. There has been a danger of efforts becoming just a tick-box exercise – that they can become abstract. GDPR is encouraging you to think about processes and the relevance of data being held. Are they proportionate and are you considering applications of the through-life-management of the data?”

Much data being retained by organisations should be gotten rid of, he suggests. This might be because it poses an unnecessary risk, but also because it if is irrelevant it is therefore a waste of space which could be used to store more useful data. Obvious benefits are less data storage and easier backup processes, Parsons notes.

“Certain classes of data you just don’t need or shouldn’t retain. Clear advantages result from any reduction in the need to store data – even if this is not identified as a GDPR requirement,” Parsons said.

Reviewing processes can also yield better ways of sharing information between different parts of the business, Parsons suggests, deriving more value for better informed decisions. “We don’t think about GDPR as primarily a technology conversation. Try to think about it more as a business culture and business process conversation. The technology is only there to support that.”