
Elite CIOs, CTOs & execs offer firsthand insights on tech & business. Opinions expressed by Forbes Contributors are their own.

Post written by Brian Fox

Software developer, innovator, and entrepreneur who is most prominently known for his role as the CTO and co-founder of Sonatype, Inc.


Software is no longer written from scratch — it’s assembled.

In fact, 80-90% of a modern application is built using open source software components. These free, packaged bits of reusable code are downloaded each year by the hundreds of billions. Every development team uses them to accelerate production and deliver new innovations. Every software application you use, at work or at home, is made up of them.

In today’s application economy, innovation is king, speed is critical and open source is center stage. While organizations are delivering software innovations at a quicker pace, one aspect of delivery is being gravely overlooked: security. Our research estimates that 1 in 18 open source components downloaded last year had a known security vulnerability. The security defects in these components are being assembled into finished goods in medical, defense, entertainment, financial services and every other industry, which leaves applications and their data, our privacy — and potentially our health — at risk.

When the innovation race is being run without proper oversight, getting to the finish line safely will require greater (and faster) care. That’s set to be a major challenge for organizations developing software under the forthcoming EU General Data Protection Regulation (GDPR).

Article 32 of the GDPR states that organizations must “implement appropriate technical and organizational measures” to “ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.” The same article also requires “a process for regularly testing, assessing and evaluating the effectiveness” of those measures, which is the part that speaks most directly to software components whose vulnerabilities become known only after they have shipped. When combined with Article 25, which mandates that data protection measures be implemented “by design and by default,” it’s clear that privacy and security must become ingrained in every element of IT infrastructure, including the third-party components inside every application.

If you fail to follow these rules and a known, unpatched vulnerability in one of your components ends up helping hackers steal sensitive consumer data, you could be on the hook for seriously big fines. Infringements of Articles 25 and 32 themselves carry penalties of up to €10 million or 2% of global annual turnover (Article 83(4)); a breach that also violates the integrity and confidentiality principle of Article 5(1)(f) falls into the higher tier of up to €20 million or 4% of global annual turnover (Article 83(5)). In each tier, the greater of the two amounts applies.

Equifax As A Cautionary Tale

In today’s economy, data is the new oil. It’s no wonder that applications are the top attack vector for hackers — data lives within applications. With attacks on the rise, businesses can no longer afford to ignore their poor software hygiene practices.