Why do IT and Information Security professionals value GDPR training?

Published on Mar 31, 2021

As the world begins to look beyond the coronavirus pandemic, the inevitable changes in society are beginning to emerge. We will always talk about life before and after COVID-19. One of the most visible changes that may become permanent (for many organisations) is the shift to remote working.

This development means IT and information security professionals have had to adapt to ensure systems are available and protected while many employees work from home. However, it is not only home working that is driving this new focus on privacy.

According to a new data privacy report from Cisco, a US technology company, based in California, specialising in networking products, 34% of security operations are increasingly looking to include data privacy as a core responsibility and competency.

Whether the goal is to improve communication between privacy and security departments or ensure the existence of well-rounded incident response teams, IT and information security professionals are keen to know more about the correlation between data security and privacy management.

Many privacy management functions play an essential role in mitigating the risk of an information security breach. Because of this, certified training on the general data protection regulation (GDPR) for security professionals covering privacy-by-design, data minimisation, and pseudonymisation and encryption has become increasingly commonplace amongst IT/infosecurity teams.

Other key findings of the report include:

  • 93% of organisations turned to their privacy teams to help navigate and guide their pandemic response.
  • Privacy budgets doubled in 2020 to an average of $2.4m (£1.72m).
  • Return on investment was slightly down compared to 2019 but remains attractive with 35% reporting benefits at least two times higher than their privacy investments.
  • Privacy laws are viewed very favourably around the world, with 79% of organisations indicating they are having a positive impact (and only 5% negative impact).
  • External privacy certifications such as ISO 27701 and EU (European Union) Binding Corporate Rules (BCRs) are an important buying factor for 90% of organisations when choosing a product or vendor.
  • Organisations with more mature privacy practices are getting higher business benefits than average and are much better equipped to handle new and evolving privacy regulations around the world.
  • 93% of organisations are reporting privacy metrics such as privacy program audit findings, data privacy impact assessments, and personal data breaches to their boards.

Source: Cisco Privacy Benchmark Study 2021

How GDPR Training Could Improve Your Businesses Privacy

Investing in reliable privacy protection infrastructure, expertise, and training on GDPR for security professionals does not merely benefit consumers. The Cisco study shows that 75% of organisations recognise that privacy protection can:

  • Reduce sale delays
  • Mitigate the level of security losses
  • Enable innovation
  • Achieve operational efficiency
  • Build trust
  • Make their company more attractive

Based on estimates given by respondents, the overall value of these benefits was, on average, $2.9m (£2.08m).

Privacy experts have been crucial to organisations during the pandemic

The study showed 93% of organisations turned to their privacy teams to help navigate potentially controversial decisions during the pandemic. Cisco stated:

"Most organisations said they were unprepared for the privacy and security implications of the shift to remote working. 87% of individuals, including employees and customers, were concerned about the privacy protections of the remote tools they were being asked to use.

The research also shows strong support for maintaining privacy principles and protections. 62% of individuals wanted little or no change to existing privacy laws, and there was very limited support for use cases involving the sharing of personal information even in the face of the pandemic.

While individuals supported employers' efforts to maintain a safe workplace, they were much less enthusiastic about location tracking or disclosing any information about infected people. Respondents wanted any use of their personal data to be limited and strictly controlled. Their top concerns were consistent with the fundamental privacy principles of transparency, fairness, and accountability."

GDPR and the future

The pandemic has accelerated changes in our society, such as mass home working and using personal data for monitoring public health. These changes have always been on the horizon; the coronavirus pandemic simply sped up their implementation. In turn, this has led to data protection expertise, becoming a vitally important part of IT and information security professionals’ work.

Among security teams, over a third of professionals who responded to the survey, said data privacy was one of their top areas of responsibility, along with assessing and managing risk and responding to threats. Furthermore, the fact that Cisco's study revealed privacy metrics are being sent to the boards for 90% of the organisations who took part highlights its importance.

Privacy protection and being able to ensure compliance with the GDPR is a highly specialised area. The Cisco study concluded that:

"One important way for organisations to validate they are handling personal data properly is by obtaining independent, external certifications for their privacy program and practices.

Having these certifications in place can save time and effort in contract negotiations, and they have become increasingly critical in today's business environment. When asked whether these certifications represented a buying factor when selecting a vendor or product, the vast majority (90%) said yes."

Privacy is not simply a compliance issue; it is a fundamental human right. A right that is being challenged more and more by technological advances.

Investing in privacy training on GDPR for security professionals, streamlining vendor due diligence, improving data processing transparency, and obtaining external privacy certifications ensure that an organisation seriously considers privacy during all business activities.

In today's world, where no one can be certain how much the government and big tech know about their private life, organisations that respect privacy will gain a significant competitive advantage.

To find out more about data protection and privacy law training, book a GDPR training course or call 0370 04 27701.

Click your chosen course below to see our next available courses dates