Security must be addressed from the very first stages of design, and throughout the whole project life cycle. This is known as secure by design, and it will guarantee the success of the digital transformation.  

Enhance your cybersecurity

As businesses embrace technologies such as the Internet of Things (IoT), Big Data, cloud and mobility, the value and volume of data have never been higher, and endpoints are more vulnerable than ever. In the digital age, the focus must therefore shift from securing network perimeters to protecting data as it moves between systems, devices and the cloud. Keep in mind that protecting users is not only a matter of securing the IT infrastructure: many attacks exploit the naivety of users (phishing, CEO fraud or "fake president" scams, social engineering, etc.).

This is especially true of the IoT, which is admittedly still in its infancy. As the IoT expands to everything from industrial equipment to consumer devices, attacks are increasing not only in number but also in sophistication. Next-generation devices are now being deployed in potentially vulnerable environments such as vehicles and factories, which significantly increases the risks.

Companies should assess the robustness of their systems and networks on a recurring basis by performing penetration tests, server configuration audits, source code audits and vulnerability scans. Evaluating WiFi security and implementing technical architectures that meet the security objectives of Availability, Integrity, Confidentiality and Traceability (DICT) are also necessary. Lastly, companies need support in defining and implementing a security strategy for their information systems, and employees should undertake cybersecurity training so that they are properly informed of the risks.  

Comply with GDPR

The General Data Protection Regulation (GDPR) affects the entire data life cycle, from collection to storage and use. Compliance has required changes well upstream of the business activities that process data: creating a record of processing activities, defining the role of the DPO (Data Protection Officer), automating rules, … a new, ever-present order that must be built into every business process that uses personal data. You must comply with the European regulation if the processing of personal data involves a) systematic large-scale monitoring of a publicly accessible area, b) systematic and in-depth evaluation of personal characteristics, including profiling, on the basis of which you make decisions that have legal effects on a natural person or similarly significantly affect him or her, or c) the transfer of data outside the European Union.  

Appoint a Data Protection Officer (DPO)

An organisation's compliance with GDPR is a permanent and dynamic process that should not be limited to the moment the DPO takes office. The DPO's missions are, in fact, multiple. They are responsible for:
  • Raising awareness among employees.
  • Initiating a global reflection on the implementation of a policy and procedures related to data protection in the company.
  • Identifying the internal target audiences and any specific needs of departments (e.g. marketing activities, human resources).
  • Creating thematic content.
The appointment of a DPO is mandatory in three cases:
  • If the processing is carried out by a public entity.
  • If the structure has an activity that leads it “to carry out regular and systematic monitoring of individuals on a large scale”.
  • If the organisation carries out processing involving sensitive data or data related to criminal convictions and offenses.
Examples of large-scale data processing include processing the real-time geolocation data of customers, or the processing of personal data for behavioural advertising by a search engine.