With the deadline for GDPR fast approaching, organisations are hastily seeking new technologies to enable compliance, and consequently this new legislation is already becoming a substantial driver of growth in both the security and storage markets in Europe. At a recent IT Security Strategy Insights meeting, we spoke to over 120 IT Security Directors from large enterprises, discussing and analysing their future requirements. We will also see considerable growth in demand for technologies with data loss prevention and data classification capabilities.

The European Union's General Data Protection Regulation is a new piece of legislation which will come into effect on 25 May 2018, and its implementation is set to dramatically change the data protection landscape not only across the EU, but globally. Although the GDPR harmonises legislation across the EU, removing the complexities that organisations currently face when complying with differing local regulations, the challenges of compliance presented by the sheer scope of the GDPR are undeniably immense, and the degree of change seen in certain aspects of the regulation means that many organisations are delving into unknown territory.

Though the outlook may at first appear bleak, for every compliance challenge presented there is an equal opportunity for those who are willing to form part of the solution. The maximum fine for non-compliance is 4% of global revenue and, combined with the introduction of mandatory breach notifications, this means organisations have to dramatically enhance their data protection practices. The timescale for compliance is tight, and the rapid speed of implementation is therefore driving substantial services revenue. Organisations are seeking help in prioritising risks, achieving compliance and ensuring they are in a defensible position when the day finally arrives, and there is a golden opportunity for solution providers to help them make privacy a major competitive differentiator.
What Publishers Need to Know
From 25th May 2018, the General Data Protection Regulation will come into force and change the way publishers are able to store, use and distribute data. The new regulation will supersede the outdated 1998 Data Protection Act, introducing harsher fines for non-compliant companies and giving people across European countries more control over what organisations can do with their personal data.

Under the new legislation, personal data now extends further than personally identifiable information, which currently includes name, email address, purchases, etc. GDPR now incorporates non-personally identifiable information for the digital age, such as anonymous cookies, location-based data, IP address, etc. All the information collected must have a clear opt-in/opt-out process, with an explanation of what data is being collected and why.

The new legislation will affect all EU countries, as well as companies based outside of the EU if they collect or use the personal data of European residents. A supervisory body can also decide to force an organisation to cease all collection and use of data if regulations are not followed.

The new GDPR affects individuals, organisations, and companies that are either Controllers or Processors of personal data. A Controller is the entity that decides the purpose and use of the personal data that has been collected.

GDPR will have a larger impact on some organisations than others, but it will affect every company that collects data in some way. Many parts of the regulation are similar to the current Data Protection Act and can relate to information that is collected through an automated process. You will be required to review your approach to data protection and change the way your business handles all data.
Businesses must have data protection policies, data protection impact assessments and relevant documents on how data is processed in order to be fully GDPR compliant or face substantial fines.
Zurich Warns SMBs About GDPR Non-Compliance
New research suggests the upcoming General Data Protection Regulation could threaten small businesses in the U.K. if they find themselves out of compliance with the data protection rules. Reports in SmallBusiness.co.uk Thursday said research released by insurance company Zurich in its “SME Risk Index” report found many small- and medium-sized businesses across the U.K. are at risk of significant fines, as many remain unaware of the requirements under the GDPR rules. That includes new data protection officer employment requirements, calling for businesses that handle vast amounts of data to hire data protection specialists.

In a survey of more than 1,000 small businesses, Zurich found that 85 percent of them will be impacted in some way by GDPR, yet 44 percent said they were not aware they would be required to hire a DPO under the regulation. That requirement comes into effect next May, and only one-third of SMBs said they currently employ a DPO.

Small businesses could face regulatory fines for non-compliance, which could be as high as 4 percent of a business’ total turnover and a maximum of more than $24 million. Approximately 25 percent of SMBs surveyed told researchers they would be able to continue operations if they were hit with a fine that large. One-tenth said such a fine would force them to close operations altogether.

“Cybersecurity-trained staff are already a rare and highly sought-after commodity, and business leaders should be gravely concerned about their ability to find and hire data security personnel,” said Paul Tombs, Zurich head of SME proposition, in a statement. “If your business requires a DPO, then investing in training current staff is probably the quickest and simplest solution given the current job market for these individuals. Stomaching the investment in training now may be hard to bear, but the repercussions for not doing so will be dire.”

According to reports, separate data from Cybersecurity Ventures suggests a cybersecurity job shortage by 2021.