Interview

What’s Normal Behaviour? Lessons learned from GDPR

Comms Business Magazine talks to Nigel Hawthorn, data privacy expert at McAfee, one of the giants of the security sector, about channel sales opportunities, what have we learnt from GDPR and what can we expect in the way of security challenges over the next year.

McAfee, the US global computer security software company headquartered in Santa Clara, California, claims to be the world's largest dedicated security technology company.

Comms Business Magazine (CBM): You’ve written a book on GDPR but what have we learned since GDPR regulations came into force nearly a year ago?

Nigel Hawthorn (NH): I think we should back off a bit from the GDPR doomsayers. I often use a driving analogy and the law on speeding. If you doing 90mph in a 30mph zone then you’ll quite rightly get the book thrown at you but if you are doing just 31 or 32mph someone will have a quiet word in your ear. I think a lot of people are GDPR zealots and that 31 or 32mph is a good starting point.

I do believe however that we are seeing the calm before the storm; there’s been the big fine for Google whilst Marriott and BA are still to be ruled upon so what I would say right now is that GDPR has been very good at grabbing everyone’s attention. For instance, recently I took a call from our legal team enquiring how we were handing all the customer enquiry details at a forthcoming trade show.

It’s likely that the Marketing Department is the most likely candidate to first fall foul of GDPR if only because they have traditionally been a little more cavalier in the past regarding data.

We need to see more interaction between different groups as everyone has a part to play in the responsibility for the security of user data. McAfee is a thirty year old company US company and we have personally approached GDPR very positively. We have some customers that have been with us nearly all of that time but if we can’t trace the provenance of that customer, can’t contact them then we delete that data.

CBM: What are the main sales opportunities and top channel tips for monetising data protection solutions?

NH: Firstly, the channel opportunities are huge and start with the ability to be able to give advice and guidance and help to create discussions within your customer base. You know I often come across customer people from their compliance team that have never met people from their IT teams! How can each judge what data is confidential? IT people would block everything but users couldn't do anything.

When I speak at events I frequently ask the audience three questions on cloud security; how many block the use of Dropbox (loads of hands), do you give users somewhere else to go? (Mostly no) and thirdly, how many of you have limits on email attachments? (the majority). It’s a Gotcha! Moment. By answering these questions you have cut off the three ways users can send large files and as a result users will look for other, often more dangerous ways to get around this. Plainly their rules are not current nor fit for purpose in 2019.

CBM: What can we expect from the next 12 months in data security market?

NH: The ICO’s figures for Q2 2018 (the last Q for which figures are available) shows that only 21% of data loss incidents were caused by cyber incidents, meaning that over three quarters were caused by user actions.

Today we generate a lot of data as individuals and in the future we’ll need to see more use of joined up systems that can determine out of character actions such as logins from multiple and unusual geographical locations at unusual time.

Companies need to work together to on the fly recognise potential problems and what is going on – this will become more prevalent. We collect so much information but we need to decide what is normal.