Filetype PDF | Posted on 19 Sep 2022 | 4 years ago
Authentication
digital resources
299x Filetype PDF File size 3.14 MB Source: www.pwc.com
Contents
Executive summary 2
Responding to the fear of technology –
why data protection law exists 4
Transition to the GDPR –
technology under heightened scrutiny 5
Technology failure and consequences
for organisations 8
Technology capabilities required for GDPR
compliance scenarios 10
Moving from theory to reality –
understanding and utilising the consensus
of professional opinion
14
What should organisations do now? 16
Executive summary
The EU General Data Protection Technology is, in other words, the
Regulation (GDPR) delivers a principal problem that data protection
fundamental change in how data law is trying to solve. As such, it is
controllers and data processors handle obvious that, as well as being the
personal data. Instead of an ‘add-on’ or problem, technology must provide the
afterthought within business solution. If entities are storing too
operations, protections for personal data much personal data, for example,
will now have to be designed into the technology needs to deliver delete,
very fabric of data processing systems, erase, de-duplication and
meaning that entities will need to minimisation functionality.
re-examine how they approach the use However, the way that data protection
of technology in their organisations. has operated in practice tells a different
European data protection law has story and PwC’s experience in this area
always been concerned with how backs this up: despite technology being
technology operates. Indeed, the first both the problem and the solution,
proposals for harmonised, pan- technology systems have not been
European laws were a response to designed and deployed from the
technological developments. Legal perspective of the requirements of data
instruments such as Council of Europe protection law. This is why we see so
Recommendation 509 on human rights much debate over the retention and
and modern scientific and technological storage of personal data, so much
developments (31 Jan. 1968) pinpointed confusion about the nature and
with precision the risks to privacy that whereabouts of personal data and so
were posed by the technology revolution many technology-related cyber-security
of the 1960s. Data protection laws exist failures. From this perspective it might
because it is believed that, without be said that the technology stack has
them, technology will enable or cause been the missing link in data protection
data controllers and processors to programmes over the years.
trample on fundamental rights The underlying reasons for these issues
and freedoms. will no doubt continue to be a source of
debate, but one thing is certain: in the
new world of the GDPR, where tougher
and more penetrative forms of adverse
scrutiny are likely, instances of
technology failure will be harder
to excuse.
2 | Technology’s role in data protection – the missing link in GDPR transformation | PwC
no reviews yet
Please Login to review.
