28 March 2017
Blogs by author: Jose Francisco Pereiro Seco, Head of Data Security Europe, BT.
Digital transformation unlocks huge potential — and raises significant data protection and privacy risks. Here’s what the GDPR means for your security.
Regulatory change for a digital world: GDPR.
On 14 April 2016, the European Parliament adopted a new regulation that will replace the 1995 Data Protection Directive. The EU 2016/679 regulation (also known as the General Data Protection Regulation or GDPR) covers the protection of natural persons with regard to the processing of personal data, and the free movement of such data.
The GDPR comes into force in May 2018, giving citizens of EU countries greater rights over their personal information, and placing greater obligations on organisations to protect this data. At the highest level, it gives citizens the right to be forgotten, the right to know when personal data falls into the wrong hands (e.g. hackers) and spells out the need for explicit consent (in certain cases) prior to processing personal information.
Why the GDPR needs to be top of your agenda.
The GDPR is a hard-hitting piece of regulation that comes with serious consequences for organisations who fail to comply with its strictures.
You have just over a year to get to grips with it, making now the ideal time to plan and implement how you’re going to ensure compliance. With fines of up to four per cent of your global annual turnover, diligent investigation and planning seems prudent, particularly since achieving compliance requires more than putting a new process or piece of technology in place.
Your organisation currently faces the challenge of reassessing your entire security landscape through the prism of the impending GDPR. You need every aspect of your security to understand and protect personal data, so that you can confidently comply with the various legal, regulatory and industry requirements. It’ll also be important to be able to demonstrate that you have in place the security measures appropriate to the risks you face, and the criticality of the data you hold.
Without a successful security strategy in place, it’ll take just one data-security breach to trigger financial, regulatory and reputational consequences.
Getting your security ready for the GDPR.
With the tight timescales, thoroughly preparing your security infrastructure and data handling processes for the GDPR can seem daunting. But we recommend four simple steps to ensure you’re ready for the May 2018 ‘switch on’.
1. Start by achieving a thorough understanding of how personal data moves around your business. Make sure to take into account the associated processes, too.
2. Establish a specific work stream for security review (using gap analysis and assessment) within your data-protection programmes.
3. Get working on addressing any gaps you identify and redesign the relevant security architecture where necessary.
4. Reassess your technical and organisational security controls to support compliance with the GDPR, with particular focus on developing security processes to detect and mitigate data leaks.
Preparing for the GDPR means taking a fresh look at how you view data protection and security. But investing the time and effort to get it right will open new doors for your organisation in this digital age.