Cristian Badea (co-founder @Sypher Solutions): On why organisations are not yet fully GDPR compliant
The GDPR is the most important change in data privacy regulation in 20 years. In the last year, the GDPR fines amounted to $405 million. Big corporations like Google, Marriott and British Airways were found in breach of the GDPR.
Sypher Solutions helps organizations and companies become and stay GDPR compliant. Its solution is called Sypher Suite and it is a GDPR compliance platform. The platform is currently used by more than 60 organizations in various areas: financial, insurance, software and technology, retail and eCommerce.
Cristian Badea is one of the co-founders at Sypher Solutions. He has extensive experience in personal data privacy and security, software and SaaS development. I reached out to him to answer a few questions on the GDPR-associated challenges that organizations face when working to become GDPR compliant.
1. Sypher helps companies avoid becoming the next GDPR case study. How does your platform do that?
GDPR compliance programs can be incredibly complex, especially for large organizations. There are industries like financial services, insurance, telecom or retail, where companies are more publicly exposed. They also collect huge amounts of data which makes them more prone to both mistakes and public scrutiny.
When dealing with so many pieces of information spread across multiple tasks, mistakes are easy to make.
Sypher Suite is designed to simplify compliance work and help teams analyze, document and maintain GDPR compliance. It uses custom logic and specific flows to break the project into small, more manageable tasks, and make sure that everything that needs to be done is on the radar.
Our platform actively supports the compliance team to identify the areas that require their attention. It provides a framework allowing the Data Protection Officer (DPO) and compliance team to collaborate and exchange information with the rest of the business and external advisors. It also acts as a central repository for all information related to GDPR compliance.
2. Why aren’t businesses implementing GDPR? What is the most common reason?
We speak with a lot of businesses and most of them are aware of GDPR and trying to become compliant. According to a recent study by IAPP, most organizations reported that GDPR implementation took longer than expected (54% of respondents) and it is equally or more difficult to implement than other data privacy and security requirements (80% of respondents). Most organizations (72%) have a budget and the budget is renewed annually (35%) or continues indefinitely (24%).
Since budget is not a problem and awareness is there, we believe that a common reason for not being fully GDPR compliant in 2019 is the fact that organizations often lack the know-how and resources to manage the standard requirements properly, and fail to involve enough people in the process (GDPR is required for all organization teams and is not meant to be dealt with just with the DPO team).
To help them, we have developed specific tools that allow the compliance/DPO team to enlist support from the rest of the business. Our guidance and validation systems make it easy for anyone to contribute to the project, without the need for complex or lengthy training.
3. What challenges did you face while building your business?
We launched Sypher Suite to help companies become GDPR compliant quickly, easily and with minimal fuss. We believe that the GDPR compliance process should and must be simplified and organized.
Our story began in 2016, the year when the European Union published the new regulations regarding the protection of personal data.
The main challenge was to understand the needs, problems and hassles of persons in charge of GDPR compliance, namely the DPO, and to identify a better way to solve them. This challenge is applicable today as well; we strive to understand how GDPR requirements can be simplified so humans can stay on top of it and control it.
Sypher Suite was created after multiple discussions and meetings with potential clients across several industries, consultants and law firms, to understand how we can help conformity teams implement the new privacy policies.
4. Share your advice for aspiring or new startup founders.
It’s difficult to share general advice, as every startup is different at so many levels: goals, general environment, potential clients’ needs, the technology used and so on.
What we think is worth sharing though is this: do market segmentation, identify your best niche and address a clear potential customer, with real pain and struggles. Addressing the whole market and each company may not yield the best results.
Also, transform your product’s features and capabilities into solid benefits for your potential clients.
Join the Conversation
We’d love to hear what you have to say.
Get in touch with us on Facebook Group and Twitter.
Simplify your GDPR compliance with Sypher Suite
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA).
The GDPR is the most important change in data privacy regulation in 20 years and came into force on 25th May 2018.
In the past year, we’ve seen many news reports on companies and organizations receiving fines for breaching GDPR. Organizations can be fined up to 4% of annual global turnover or €20 million.
Here are the latest GDPR fines:
- $123 million (£99 million) to the international hotel group Marriott for a breach that impacted 30 million EU residents;
- $227 million (£183 million) to British Airways when its website was compromised due to poor cybersecurity arrangements which led to 500,000 customer records being extracted by a malicious third party;
- EUR 50 million to Google by France’s data regulator for a lack of transparency and consent in advertising personalization, including a pre-checked option to personalize ads.
If you want to avoid becoming the next GDPR case study, here is a platform that your organization can use to be GDPR compliant.
Sypher Suite is an easy to use software platform designed to simplify compliance work. This platform helps your team to avoid potential mistakes when analysing, documenting and maintaining GDPR compliance.
We have more than 40 years of combined founders’ experience in designing and implementing projects requiring security and data protection compliance in e-commerce, banking and insurance.
We use the very latest technologies and, with real attention to detail, we’re passionate about helping our clients to become GDPR compliant quickly, easily and with minimal fuss.
Sypher Suite Main Features
- 3D Mapping validator – The validation engine combines and analyses information from multiple sources to help identify common data mapping errors and omissions and provide suggestions;
- Smart monitoring – The platform will notify activity owners when relevant changes are detected, show them what’s different and even reopen documents that need updating;
- Dynamic data flow – Visual maps showing data flows from different standpoints;
- Data subjects request manager – Missing the deadline for a data subject request can lead to an official complaint. The DSRM module tracks all open requests and notifies you if the deadline is approaching.
- Automated task management – Every time you add new information into the software platform a task is automatically created and assigned, including any dependencies on other existing tasks. Tasks automatically update or close in order to match the status and owner of each item. This ensures that, regardless of how large your project is, every single action that needs to be undertaken is accounted for;
- Information and collaboration tools – Sypher Suite enables associates from multiple departments and companies to exchange messages, see who is doing what and to participate in the tasks involved;
- Multi-language interface – Sypher Suite is a multi-language platform where users can work and enter data in the language required by the local data protection authority. Reports, however, can be exported in your preferred language.
- Track the compliance progress with real-time, actionable information;
- Everything in one place;
- Everything that goes into your GDPR documentation is verified and reviewed regularly;
- Easy to use;
- Bespoke – One size doesn’t fit all.
Sypher Latest News and Information
The platform is currently used by more than 60 organizations in various areas: financial, insurance, software and technology, retail and eCommerce.
According to crunchbase.com, Sypher’s estimated annual revenue is $100K.
In November 2018, Sypher raised 300.000 EUR financing from GapMinder.
The company has been selected to participate in the Alpha startup program within Web Summit 2019.
In August 2019, Sypher announced a strategic partnership with Mediapost HitMail in Bulgaria. Here the company targets a 25% market share, with a portfolio of large and enterprise customers, from a range of diverse industries.
Sypher has been selected as a finalist for the Startup of The Year Award in the 2019 Central European Startup Awards.
In the coming two years we aim to extend our business in several European countries, in Western Europe as well as in Central and Eastern Europe. Another priority is to consolidate our partnerships with consultants and companies providing DPO services and legal offices using Sypher Suite when managing their clients’ projects.
Mihai Ghita, Sypher co-founder
5 Tips For Better Internet Security to Secure Your Business’s Future
As an entrepreneur, your efforts are focused on securing the future of your business in the form of funding, marketing and sales, and brand awareness.
What you might not be aware of is that internet security is equally important.
Read on to learn how to secure your business’s future through better internet security.
Last year saw the introduction of the GDPR legislation.
This year, we’ve started seeing companies facing stiff fines thanks to contravening these regulations. The fines imposed can be substantial. You’re looking at between 2% and 4% of your annual turnover. And, if you’re thinking, “How bad could it really be?” the maximum fine is €20 million.
Complying with GDPR must be part and parcel of your business plan going forward. It makes sense to consider having an expert in security awareness training come in and update your staff on how to improve their data security as soon as possible.
Here are 5 tips to get you started on the right foot:
1. Creating stronger passwords
Having a strong password is not going to guarantee that you won’t get hacked, but it helps stack the odds in your favour. Start by selecting a new password with at least 16 randomized characters.
2. Use a unique password for business purposes
Everyone at your business must choose a unique password that is only used for logging into your system.
3. Conduct a phishing test
This is where you send out an email like one that a phisher would use. You’ll need to monitor which staff members click on the link in the email. If someone falls for it, they’ll need more training in recognizing phishing emails.
4. Reconsider allowing staff to use their own devices
It’s convenient for your staff to be able to use their own devices. The problem is that their devices might not be as secure as you like. It’s a better idea to get your staff to use a company device or to ensure that their devices are as secure as your office systems.
5. Consider enabling two-factor authentication
It’s not a bad idea to make use of two-factor authentication when logging into the office systems. It’s only going to add a minute or two to the sign-in process, but it’s a great way to make your system more secure.
If you’re looking for even more tips, check out the infographic we’ve got for you below.
Better security is only going to be better for your business.
Take some extra steps today to secure your company’s tomorrow.
Where is Facebook heading?
Where is Facebook heading? What problems is Facebook struggling with? What will the future bring for this tech giant and its users?
Let’s take a closer look!
Fake news – lack of responsibility
Fake news is propaganda dressed as journalism.
The 2016 US presidential election campaign wasn’t only a battle between two candidates, but a war on truth fought on Facebook by digital foreign companies. Instead of guns, these companies and entities used fake news and Facebook’s algorithm helped them get shared, liked and commented upon by millions of people.
Facing accusations regarding the spread of fake news, Facebook said they were not a media company, but a medium, a technology platform. Many were angered by Facebook failing to take responsibility. Since then, the tech giant has tackled the situation of fake news with a changed attitude. Facebook has begun its own war on fake news but with limited success.
Brand image – Cambridge Analytica and #deletefacebook
Earlier this year, several American and British newspapers and news channels broke reports on how Cambridge Analytica played a role in harvesting and misusing private and personal information from more than 50 million Facebook users. Their conclusion: the data breach was one of the largest in the history of Facebook.
These reports claim the political data firm accessed private Facebook user data and then used that information to target ads that supported Donald Trump’s presidential campaign and influenced the outcome of the UK Brexit referendum. The Cambridge Analytica scandal has taken its toll on Facebook – it lost over $100 billion in market capitalization.
Many cried out “manipulation”, “breach of trust” and felt that Facebook’s reputation has been harmed. The #deletefacebook movement initiated on Twitter has gained momentum in recent weeks as a way for people to fight against Facebook. Many public figures and personalities have joined the movement and deleted their Facebook accounts: Brian Acton (founder of WhatsApp), Steve Wozniak, Elon Musk, singer Cher, actors Jim Carrey, Will Ferrell and Susan Sarandon.
GDPR – giving back the power to the social media user
The GDPR is a set of standardised data protection laws that come into effect on May 25th 2018 across all EU countries.
How will GDPR affect Facebook?
Under GDPR rules, Facebook will be forced to limit its targeting capabilities.
A study conducted by researchers at the Charles III University of Madrid found that 73% of Facebook’s European users were targeted by marketers based on the use of characteristics that will be illegal under GDPR.
The new regulations forbid companies from processing data on race, ethnicity, political opinions, religious beliefs, trade union membership or sexual orientation without active consent. Because many of Facebook’s current data collection policies are in breach of Europe’s new privacy rules, its ability to sell advertising based on targeted user information is under threat.
Facebook also expects its European user count to stay flat or go down, but Facebook CFO David Wehner said they were confident they will “continue to build a great ads business”.
Currently there are 2 billion people on Facebook, with a reported 13% increase in users in Q1 of this year. It’s safe to say the giant tech company is here to stay.
But it’s up to Mark and his team to learn from past mistakes.
In order to keep being successful, Facebook needs to come up with new features and innovative products that serve user interests.
It also needs to find new ways to attract advertising money while being compliant with GDPR rules (only for European users).
Here is Facebook acknowledging the past and preparing for the future:
How the UK marketers feel towards the GDPR
Only 11% of marketers already have systems in place to ensure they don’t fall foul of the legislation, according to data from YouGov and The Chartered Institute of Marketing (CIM). From May 2018, the EU General Data Protection Regulation (GDPR) will come into effect. The reform is one of the most significant in years at 200 pages long and formalizes concepts like the ‘right to be forgotten’, data breach accountability, data portability and more. Huge fines of €20m, or up to 4% of global revenues, have been threatened for non-compliance.
The study into the challenges and opportunities facing those in the industry was based on two separate surveys from YouGov and the CIM. Key findings from the former, which surveyed 225 marketers, found that for those in the UK, Brexit (55%) and a recession (47%) were the top concerns for the year ahead. Only 13% of those quizzed said that GDPR would be a significant cause of worry, with just 31% admitting they do not know whether their business has taken steps to ensure they’re compliant.
source: The Chartered Institute of Marketing (CIM)
The CIM’s dataset from 112 members revealed that 70% of marketers are concerned about factors outside of their control, including data breaches, impacting on their brand. The introduction of GDPR will have huge ramifications for marketers who handle personal data and also place demands on businesses to demonstrate informed consent to use consumers’ personal data for marketing purposes – something marketers have previously expressed anxiety over.
Chris Daly, chief executive of the CIM said that while marketers were conscious of impending challenges like Brexit and other digital trends, they have to make sure it doesn’t obscure other issues.
“It is concerning to see that GDPR has not been fully considered, given the wide-reaching impact this will have on business areas which deal with data – marketers’ natural habitat. Given the concerns that emerged from consumers last year over how businesses collect and use customer data, marketers must make sure they are prepared and ready for GDPR sooner rather than later. By staying on the right side of the incoming legislation, marketers are best placed to safeguard not only their business’ reputation, but also its finances.”
The report, “The Challenges and Opportunities facing Marketers in 2017”, features the results of a YouGov survey of 255 marketers, in which more than half (55%) said the UK’s exit from the European Union was among their top concerns.
As a result of the UK’s looming constitutional changes, 54% of marketers said they expected to see an increase in “Brand Britain” messaging, and 19% said they were already looking at how to incorporate this into their own marketing.
Further data from a survey of 112 CIM members, conducted via Survey Monkey, reveals that:
- 70% of marketers are concerned about factors outside of their control (data breach, tax scandals, workers’ rights problems) impacting on the brand
- 95% think marketers need more influence and involvement with the broader business in order to protect brand reputation
Despite the influence social media gives consumers, only 18% of marketers are confident they can handle anything social media throws at them.
One of the key drivers for this is the impact of social media, which gives consumers a platform to shine a light on bad brand behaviour – in fact, 89% of marketers believe the Internet, and social media in particular, gives consumers more power to effect change over brands. However, 21% of marketers feel that while they can manage social media daily, they would struggle in the midst of a Twitter storm. Half of marketers (49%) also say they are not getting the most out of their social media, with 22% attributing this to a lack of investment. While marketers are trying to keep up with changing customer expectations, it would seem some are being held back by the business.