Legacy systems 'unintentionally causing GDPR violations'

After more a year since its introduction, companies are still violating GDPR regulations, possibly without even knowing it, according to tech company Auger.

25 May marked one year since the introduction of the regulations, which brought in a lot of changes to the way companies dealt with customer and staff information.

But Neil Wilks, head of tech at Auger says “the more basic principles of GDPR are often compromised by legacy systems.”

He said: “Customer data should be fully protected, but the ability to comply with some of the more basic principles of GDPR are often compromised by legacy systems.

“These systems churn out one size fits all instructions which often contain far more information than the recipient requires.”

Challenge in adopting new systems

Wilks says there is “a strong commitment to build sophisticated IT infrastructures and systems which have the appropriate defence mechanisms to minimise the risk of data breaches.”

But, he thinks the need to use self-service tools often leads to the relaxing of security requirements for logging into these systems.

“We’re all about delivering frictionless experiences for everyone involved in the claims process but an unintentionally relaxed approach to password complexity and access result in unnecessary risk.

“There are times when you have no choice but to hold firm and balance the user experience in the name of security and maintaining GDPR compliance.”

Where should we be looking?

Wilks said that, from the top level, companies need to look at new techniques to ensure security in a frictionless ecosystem.

“We should be looking to work together to look at secure authentication methods such as SSO (single sign on) to reduce friction whilst maintaining high standards of security.”

He said: “The challenge as ever is likely to be an insurer’s ability to adopt new and emerging technology such as SAML with their legacy systems.”