Ben joined Sage as Global CISO in 2018 after 16 years in the British Government. Sage is the UK’s largest technology company and Ben is responsible for protecting the global technology estate, products and cloud services for 3 million customers in 23 countries. Ben began his security career at the National Archives and finished as Deputy Government CSO, responsible for all aspects of UK government security. While in government Ben worked on numerous national crisis, such as the 2017 WannaCry outbreak, and led transformative security reforms to unlock access to public cloud and modernise decades old security practices.
It has been a year since the Global Data Protection Regulation came into effect. In what ways has GDPR affected businesses in the last year?
In practical terms many have adopted new data processes to meet the regulation’s requirements, some of those changes will have bedded in and others will still be a bit clunky but all will have impacted a lot of day to day operations. I’m sure that many organisations have ongoing data privacy programmes, either continuing to deliver GDPR compliance or moving beyond into other aspects of data governance and good housekeeping. Those unlucky enough to experience a breach will have worked in unfamiliar territory to meet new notification requirements.
More conceptually, GDPR will have elevated the way many businesses think about data from both a protection and exploitation perspective. Many will still consider it a Board issue. My sense is that this has driven the maturity and sophistication of the discussion forwards and will continue to do so into the coming years.