Cyber post GDPR – Speed, Transparency, Preparedness
Wednesday 08 August 2018
Not a week goes by without there being yet another headline about a data breach or hack at a big, well-known business. In recent months we’ve seen Ticketmaster and Carphone Dixons suffer breaches, and it’s only a matter of time before we see another Equifax or TalkTalk.
Although not purely focused on data security, the recent introduction of GDPR should hopefully light a fire under businesses to get their data security in order. With fines now up to 4% of annual global turnover or €20 million (whichever is greater), up from the previous £500,000 ceiling, there’s a real financial incentive for businesses of all sizes not to drop the ball on their security obligations.
The main effects that GDPR will have on the cybersecurity landscape are around speed and transparency. The first day or two following discovery of a vulnerability or breach are now critical for companies looking to remain GDPR compliant. Businesses must now identify and resolve any vulnerabilities, gather as much information as possible concerning the technical and legal circumstances of the breach, and then report it to the regulatory authority within 72 hours. This is followed by a notification of any customers who may be affected.
This is quite a shift, and what it really boils down to is a necessary change in processes, and also culture, within organisations when it comes to data security. Previously, many companies have been slow to reveal a breach, fearing the reputational damage that could be dealt more than the fines that might be imposed upon them.
Now that the balance has been shifted, and the fines are potentially so vast, businesses will be compelled to be more agile in their reaction to breaches. A good first step will be to ensure that the workforce is properly trained on the processes of handling a breach, and that responsibility is appropriately distributed.
For businesses confused as to how to make this change, Cyber Essentials, a UK government-backed cyber security standard, is a useful guiding framework. It can give organisations the confidence that they are managing and safeguarding their sensitive data in the right way, as well as lay out a best practice plan for handling a data breach.
The post-GDPR world is going to be much tougher on businesses, and if they fail to get their security affairs in order we’ll see a lot of fines, and a lot of headlines.
To find out more about cyber security and your business, register here - www.ipexpoeurope.com