One year until GDPR: What experts are saying
The looming EU General Data Protection Regulation (EU GDPR) body of regulations will come into effect one year from today.
EU GDPR is a group of rules designed to coordinate data protection laws across Europe that is set to become legal requirements from 25 May 2018.
The fines associated with EU GDPR can be as high as €20 million or 4% of global turnover.
The introduction of the regulations is set to shake up the way that many businesses, both within the EU and external to it, do business, interact with consumers and operate.
Here are what some experts are saying about what businesses need to be thinking about and preparing for over the next 12 months:
Bruce Potter, Chairman of law firm Blake Morgan:
“The huge growth of the digital economy in recent years requires a more robust legal framework to ensure public confidence in the protection of information and organisations now need to adapt to these higher standards.
there will be a significant increase in monetary penalties
“It is not only reputation that is at stake for failure to comply as there will be a significant increase in monetary penalties. Our data protection and regulatory experts have carefully devised this guide which highlights the most important actions organisations should take to comply and I would urge decision-makers to take a look.”
Guy Marson, Managing Director of data science and marketing services company Profusion:
“Nearly every company will be touched by GDPR as it impacts the management of data and the communication with customers and other businesses. It practically makes data management infrastructure a legal requirement and radically changes how companies market themselves – particularly via email.
I believe that most companies would actually benefit from tailored more holistic solutions
“There are a lot of companies now offering software solutions to help companies become GDPR compliant, however, I believe that most companies would actually benefit from tailored more holistic solutions. Regardless of GDPR, proper data management infrastructure and systems can create excellent cost and time efficiencies and, via analysis, uncover profound insights into how a business operates and the behaviour and needs of customers. Put simply, even if you are under the misapprehension that GDPR is not a big deal, your business should have up-to-date data management in place.”
Richard Henderson, global security strategist at security company Absolute:
“To describe the new rules as an update or a refinement in the data protection regime is not accurate – this is not a fine-tuning of the law. A far more fundamental change is taking place.
businesses will not be able to get away without having complete visibility into endpoint assets at all times
“Under EU GDPR, businesses will not be able to get away without having complete visibility into endpoint assets at all times so they can identify suspicious activity and take action – whether a device is connected to the corporate network or not. In this hyper-connected world, businesses cannot afford devices to ‘go dark.’ They need to maintain a constant connection, and have the ability to remotely control data stored on endpoint devices to stop them becoming the gateway to a damaging breach, and subsequently protecting themselves from the repercussions of lax security.”
Ross Brewer, vice president and managing director at security intelligence and analytics company LogRhythm:
“This will be exacerbated even more with the introduction of the short notification window. With only 72 hours to notify authorities and, in some cases those affected, companies will be under greater amounts of pressure to have full insight into the scope and scale of an attack as soon as it’s been identified.
with only 72 hours to notify authorities companies will be under greater amounts of pressure to have full insight into the scope and scale of an attack
“Time will be of the essence and it will be essential for organisations to have an accurate idea of the ‘who’, ‘what’, ‘how’ and ‘how big’ within those three days. Running the risk of under or over-disclosure could not only see companies feel the wrath of regulators, it could also lead to undue embarrassment – after all, who can forget the biggest case of over-disclosure following a recent global breach?
“As a result of EU GDPR, we will see monitoring, detection and response become a much more fundamental component of a company’s cyber security strategy. Indeed, businesses will require a more coordinated and efficient approach to threat detection that goes far beyond simply deploying firewalls or anti-virus. Having an end-to-end threat lifecycle management process that gives businesses the insight and full facts of a compromise from the offset will be vital, and businesses need to make sure they are adapting their strategies now so that they are fully prepared this time next year.”
Richard Lack, Managing Director – EMEA at customer identity management company Gigya:
“With just one year to go until the GDPR comes into force, the countdown to the death of third-party data has begun.
the countdown to the death of third-party data has begun
“GDPR, love it or hate it, is the EU’s attempt to put consumers back in control of their online data and compel businesses to keep that data safe from hackers. No more obscure service agreements that we all accept with a single click and never read.
“Businesses must ensure that they have compliant systems in place to prevent a mass consumer ‘opt-out’ when the new regulations are enforced or even worse, face hefty penalties for non-compliance, with fines as large as four per cent of annual revenue.
“Businesses have a year to wean themselves from third-party data and refocus on engaging directly with their audience to obtain first-party data. This might not be the easiest path, but it’s the best way to build committed and long-lasting customer relationships.”
Steve Martin, Data Protection Officer at consumer and business data company Equifax:
“Mobile data traffic is set to increase seven-fold between 2016 and 2021, and telcos need to work hard to ensure their defences can withstand attempted hacks.”
at the heart of the change is more transparency for consumers
“At the heart of the change is more transparency for consumers; companies must provide clear communication detailing how they manage and protect data from the outset. To avoid confusion, win consumers’ trust, and ensure data can continue to be used effectively, all parties in the data sharing chain need to work together to agree a common approach for privacy notices.”