In today’s society, trust is immensely precious to everyone, not only to consumers but also to companies and organizations whose business relies on digitalization. How we build and maintain that trust is a very topical issue in which cybersecurity has a key role to play. October is the official European Cyber Security Month and it is being celebrated for the fifth time this year with the important goal of highlighting the importance of cybersecurity in society.
IAPP Europe Data Protection Conference 2017, held in Brussels during 8-9th of November, is the most important venue for data protection professionals to get together and share lessons learned with others from around the world. Kira Ahveninen-Kuha, Head of Data Protection Practice at Nixu and Matti Suominen, Lead Consultant at Nixu held a session on the challenges the data protection professionals face when communicating requirements to software development experts. (View the presentation material here)
Compliance with GDPR is in significant parts a challenge of implementing the necessary controls and features into IT systems and the enterprise architecture. Challenges arise when the data protection experts who understand the requirements cannot effectively communicate them to the software development teams. Previously, these two groups of professionals have only rarely come into contact with each other. Lack of common language and understanding of the working practices means that requirements don’t translate well into actionable tasks or software features.
Key takeaways for data protection professionals:
- Join the existing process that is already there for software developers – treating data protection as a separate track is almost guaranteed to not get a buy-in from the other side
- Know your business and the environment – your efforts will be appreciated when you can give relevant advice that takes into account the business realities of the world around you
- Get involved, don’t be just the name in e-mails and requirement forms – you have valuable knowledge that the development team would love to learn
- It’s not always easy so don’t get discouraged – try and try again
As a follow-up to the session, two separate blog entries were written to address questions from audience in more detail. They address threat modeling of advanced data protection threats and implementing GDPR requirements such as data retention in enterprise architecture.