GDPR: What Does it Mean for Businesses?


By Ian Kilpatrick, EVP Cyber Security for Nuvias Group

On May 25, 2018, the General Data Protection Regulation (GDPR) will come into force, and will be a game-changer in how organisations store, secure and manage personal data.

Ian Kilpatrick, EVP Cyber Security, Nuvias
Ian Kilpatrick, EVP Cyber Security, Nuvias
GDPR will affect the whole of the EU Zone, which currently spans 28 member countries and half a billion citizens. Its goal is to unify data protection across the European Union, but because GDPR applies to individuals within the EU or the European Economic Area (EEA), companies outside these zones will still have to meet the standards if they want to continue using data from customers in the EU.

The purpose of the new regulation is to shift control of personal data back to the owner of that data. Every organisation should be aware that with GDPR comes huge fines for data breaches – up to four percent of annual global turnover or €20 million, whichever is greater. Therefore, the consequences of any data loss could be financially devastating for any company.

The data in question could be usernames, location data, online identifiers like IP address or cookies, or passwords. The loss of personal or work-related information – whether that’s access details, passwords, or any other customer data – is endemic today; almost 1.4 billion data records were lost in 2016 alone, an increase of 86 percent compared to the year before.

After next May, organisations will have 72 hours to disclose any serious data breaches to the relevant authorities – in the UK it’s the Information Commissioner’s Office (ICO), as well as the victim of the breach. The penalty for failing to notify them of a breach will be up to €10 million, or two percent of revenues.

Analyst firm IDC predicts that the severity of fines, coupled with the substantial changes in scope, will drive enterprises to radically shake up their data protection practices, seeking the assistance of new technologies to assist with compliance.

Despite all this, a survey by information services group, Experian, reports nearly half of businesses (48 percent) admit they are not ready for GDPR, and are only in the early stages of preparing for the regulations.

If they are not doing so already, organisations need to start putting plans in place now if they’re to meet the May 2018 deadline.

So, what steps can companies take to ensure their GDPR-compliance? The ability to ensure confidentiality, integrity, availability and resilience will be crucial – as will be restoring data in a timely manner in the event of an incident. Organisations will need a process for testing and evaluating the effectiveness of their security processes, meaning they will need to demonstrate they have taken adequate steps to protect the data.

GDPR doesn’t prescribe specific data protection technologies, but rather processes that organisations should undertake. However, companies should be talking to their IT providers about core data security solutions that cover things like encryption, access and identity management, two factor authentication, application control, intrusion prevention and detection, URL filtering, APT blocking and data loss protection. Also, they shouldn’t neglect the network, by securing wireless access points, for example.

Having a demonstrable security policy in place and making sure employees are fully trained in the correct security practices will prove invaluable.

Larger organisations and public bodies will require a data processing officer; this is a senior role that operates independently of the IT department and will enjoy significant protection, along with the responsibility of reporting any data breach. They will act as a fulcrum for developing, enacting and continually testing security compliance posture.

However, GDPR compliance is everyone’s responsibility, and shouldn’t be left to one team – legal, IT, HR and other business functions must all be involved with visible support from the executive level.

Something else that GDPR will likely affect is insurance. As the regulations require every business to report any data breach, there is going to more of an emphasis on liability and who is to blame as data losses come to light.

In simple terms, businesses should document everything they have done at a technical and policy level to show due diligence. There are several framework documents created at a national level that can help. For example, the UK’s national cyber security centre has a number of 10-step programmes that offer a basic checklist of areas that should be covered.

With heavy financial and reputational risk threatening, the sooner the new regulations are adopted, the more confident a company can be that it will not be found wanting when GDPR comes into effect.

Bio of author
Ian Kilpatrick, EVP (Executive Vice-President) Cyber Security for Nuvias Group

A leading and influential figure in the IT channel, Ian now heads up the Nuvias Cyber Security Practice. He has overall responsibility for cyber security strategy, as well as being a Nuvias board member. Ian brings many years of channel experience, particularly in security, to Nuvias. He was a founder member of the award-winning Wick Hill Group in the 1970s and thanks to his enthusiasm, motivational abilities and drive, led the company through its successful growth and development, to become a leading, international, value-added distributor, focused on security. Wick Hill was acquired by Nuvias in July 2015.

Ian is a thought leader, with a strong vision of the future in IT, focussing on business needs and benefits, rather than just technology. He is a much published author and a regular speaker at IT events. Before Wick Hill, Ian qualified as an accountant, was financial controller for a Fortune 50 company, and was a partner in a management consultancy.


For further press information or pic of Ian Kilpatrick, please contact Annabelle Brown on +44 (0)1326 318212, email pr@nuvias.com

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

::::::::::::::::::::::::::::::::::6733:::::::::::::::::::::::::::::::::;;

:::::::::::::::::::::::::::::925:::::::::::::::::::::::::::::::

TRIO STEEL IS ONE OF THE MOST TRUSTED BRAND AND LEADING EXPORTER AND SUPPLIER OF CARBON STEEL, ALLOY STEEL & STAINLESS STEEL PIPES & PIPE FITTINGS MATERIAL. Triosteel is one of the leading Suppliers and Exporters of API 5L Pipe in Singapore. Triosteel also Exports to many countries like Indonesia, Iran, Saudi Arabia & many more. An API 5L pipe is manufactured by adhering to the specifications laid down by the International Organization for Standardization (ISO) 3183.

2780

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

2781

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

——————————————–

For the 2012 MLB period, we found an totals forecast Joao’s Renowned Over/Under João Zorro Gonçalves, Zcode Totals Pro, System of the time with progressions that have been successful over 98 98% ... We eventually perfected our over/under program ( Zcodesystemexclusive ), although it h-AS has brought years of investigation. Five Steps to Making a Winning MLB Method: 1. Execute appropriate cash management tools. 2. MLB rules that are comprehend. 3.Extensive testing back to make sure successful longterm results ...

——————————————–

There is always a challenge when you're dealing with the Foreign Exchange Market. That's just the nature of the beast. The best thing you can do is to learn about how the market operates as a whole so that you will be ready to meet these challenges. iq option penipu Never be misled by any profit gains in binary options. This is the number-one way traders end up losing their money and ultimately failing. Remember that the same things that make you laugh can make you cry in this market, and you can lose that $700.

——————————————–

Learning Polish has never been this fun and easy as with our podcasts Learn Polish with Polishpod101 Start today and become conversational in Polish in no time

——————————————–

The Best Website Agen Poker Resmi www.sakupoker.com Terpercaya come join

——————————————–

Do you need edmonton phone systems service ? Call complete communications today!

——————————————–

High-tech solutions for easy start-up of your IPTV/OTT-business

——————————————–

——————————————–

If you want to purchase not only one item, you have a chance to enjoy privileges. There is a sale’ tab on the site which offers a fantastic range of reduced counterfeit watches and accessories, such as sunglasses, cufflinks, watch straps and pens. Luxury Jewelry Replica At MCA.MN On Sale You get a 5% discount if you buy two pieces, this discount increases to 10% if you buy 4 pieces or more. There is free international shipping on all orders on this site. We also offer customers a free return anytime with a 100% money back guarantee.

——————————————–