Vendor

Huawei urges corporates to focus on data minimization and business continuity management to mitigate data security challenges

Huawei urges corporates to focus on data minimization

Huawei hosted a webinar comprising an expert panel to discuss the lessons learnt on data protection in 2020 and the trends to watch out for in 2021. The speakers included Felix Wittern, Partner at multinational law firm, Fieldfisher; Ramses Gallego, International Chief Technology Officer, Cyber Security at global software & IT company, Micro Focus and Joerg Thomas who leads the Data Protection Office at Huawei. The panel offered a comprehensive view, providing the legal, technical and business implications of growing changes and stricter enforcements in data protection laws on corporates in the telecoms industry. Citing the dangers of increased litigation, the panel highlighted how co-operation, focus on technology and transparency would help corporates prepare for challenges going forward. 

The shifting sands of the data protection landscape in 2020 and what it means for 2021

2020 was a challenging year for data protection – COVID-19 digital contact tracing and general health surveillance added to an already complex landscape of human rights and privacy laws. The Schrems II judgment and a looming Brexit put in play some key changes that will fully unravel in 2021. Added to this were data sovereignty strategies of governments, stricter enforcement of General Data Protection Regulation (GDPR) not to mention impact of new technologies such as 5G and artificial intelligence (AI).

Elaborating on the challenges, Felix Wittern, Partner, Fieldfisher said, “There’s never a dull day in privacy! Take for example the Schrems II ruling that was announced in July last year – it poses one of the biggest challenges around international data transfers, outside the European Economic Area (EEA). As regulators themselves make sense of the evolving situation, MNCs that do not tread carefully will be liable for hefty fines. In fact, while COVID-19 actually slowed down enforcements, going forward I predict a lot of litigation in this space. Corporates will do well to co-operate with regulators as a common ground is reached rather than take a confrontational stance.”

He further touched upon issues such as data localization – i.e if data doesn’t leave the EU, the challenge of companies dealing with their subsidiaries in other countries still warranted attention. On the subject of Brexit, he mentioned how the final solution was still at least six months away as bridging to adequacy requirements were put under the test.

Technology: increasing the challenges but providing the solutions too

Ramses Gallego, International Chief Technology Officer, Cybersecurity, Micro Focus provided a good overview on the technology front. He explained how data protection is not just one dimensional but encompasses three arenas – who (identity), what (data) and how and when access is granted (application).

He said, “Living in a cloud-generation era, we are increasingly dealing with the emergence of shadow IT or shadow data where content is backed up on multiple clouds, without the knowledge of data compliance departments. Corporates need to understand the dangers in this – legal departments cannot effectively protect what they don’t know exists! Only when corporates build an ecosystem that automates and orchestrates authentication, authorization and appropriate access can we hope to create a systematic and systemic solution to the issue of data protection.”

He emphatically stated that technology itself would help to create the circles of trust – beyond which data should not be visible, nor active. He spoke about encryption and

tokenization as effective risk mitigation strategies that corporates could adopt and that could stand up in a court of law in the unfortunate incident of a data breach.

He concluded by saying that we as we move from 2020 to 2021 organizations will need to transition from cyber security to cyber resiliency where they build the capacity to anticipate threats, withstand and resist attacks, recover quickly and evolve to the next stage. 

Practical advice for businesses

Summing up a to-do list for undertakings, Joerg Thomas, Director, Data Protection Office, Huawei added, “We may witness an increase in class action-style lawsuits in the personal data space in 2021-22 as aggravated parties view judicial remedy as a potentially faster way to get redress when their data rights are violated.

Businesses need to be transparent about the transfer locations of personal data and the types of data being transferred, and take into account the legal requirements in the receiving jurisdiction. A return to “basics” is essential – records of processing activities (RoPa), privacy notices and cookies should always be up-to-date and compliant with governing laws. From a long-term sustainable point of view, organizations will need to adopt data minimization and privacy by design and default, and at all times ensure that business continuity management (BCM) plans are in place.”

At Huawei, everything is done to build a secure environment for customers and this includes staying abreast of the latest data rulings and regulations, identifying and mapping transfers as per the governing transfer mechanisms, providing appropriate guidance and templates, continuous study and evaluation of standard contractual clauses (SCCs) and advice on supplementary measures.

Tags

Featured





Latest Edition



Media Partner