RSA Conference 2018 debate: Will the GDPR and related rules prove a competitive differentiator for Europe?

Back to News

Prof. Dr. Udo Helmbrecht, Executive Director of the EU Cybersecurity Agency ENISA, has participated in the panel on data protection in the RSA Conference International Cybersecurity Forum 2018, held at the Moscone Center in San Francisco, USA.

Mr. Helmbrecht spoke at the GDPR Essentials Seminar about the rules related to this important piece of legislation and its future implications.

“Data management is an important scientific field of endeavour upon which cyberspace is organised. We have shifted in a data-rich period that is fuelled by the suite of cloud computing, sensors, big data while we are slowly but surely shifting to an Artificial Intelligence managed environment,” Mr. Helmbrecht said in the opening statement.

He continued: “Clearly there is an economic impact on the private sector that seeks GDPR compliance. GDPR is not about stopping existing processes but about doing them in a different, way, putting data subjects in control of their data. The role of technology is key in this approach.

In a recent ENISA’s study on privacy and data protection for mobile apps, it was shown that contemporary software design methodologies do not adequately reflect privacy and security needs, often leading to data breaches and consumers mistrust. GDPR can provide the incentives to alter this situation by mandating privacy by design.

ENISA has been doing a lot of work in the area of privacy and data protection by design and is promoting the use of privacy enhancing technologies (PETs), such as encryption tools or anonymization/pseusonymisation mechanisms.

GDPR impacts data science as the discretion to manage data is placed under the scope of the Regulation, which might be quite limiting for some e.g. interconnecting sets of data might become even more conditional than it currently is.”

Mr. Helmbrecht concluded his speech by stating: “At the end of the day, GDPR is here to stay and the great opportunity is to set up data policies that are mindful to the rights of the holders of the greatest commodity in cyberspace, which is personal data. At the same time, GDPR can create incentives and new business opportunities for a new area of privacy friendly tools and services, especially in online environments.

This can be a competitive advantage for those that put in place GDPR compliant policies, especially if combined with GDPR or broader certification schemes.”