GDPR Is Now Effective

Uploaded on 2018-06-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The long-anticipated General Data Protection Regulation is finally upon us. For the benefit of anyone that has been living under a rock, GDPR is a regulation put forth by the European Union that intends to ensure stronger data protection and better ownership of private data for all European citizens. 

It gives control over private data back to said citizens and includes some very severe penalties for any organisation that does not comply. Most notably, it makes no distinction as to whether an organisation is based in the EU or internationally, if they hold the private data of a European citizen, they have to comply with GDPR. 

It became enforceable on Friday May 25, 2018. After this, any organisation that is not already compliant will very likely be hit with significant fines, and possibly even sanctions. 

Even if you haven’t been scrambling to ensure compliance, you’ve at least heard of GDPR in passing. And you’ve (hopefully) at least considered what’s involved in becoming compliant.

Ultimately, it all comes down to data hygiene. It comes down to knowing exactly what data is stored where, how that data is used, how that data is secured, who uses that data, and who has a right to it. It also comes down to having systems and processes in place for effective data erasure, and redundant architecture to ensure full availability of data to citizens. 

It’s all stuff that you should be doing anyway, in other words. Yet it’s also stuff that most businesses rather bafflingly don’t bother doing. Their reasons are many, a lack of expertise, a lack of resources, an unexpected period of growth….
But the end result is the same. They’re non-compliant, and that will come back to bite them. If not now, then in the very near future. 

“GDPR is a wake-up call for American companies to solidify best practices around their big data and data science initiatives,” explains Datanami’s Alex Woodie. 

“While American firms today must follow a mishmash of data handling laws for specific sectors like healthcare and banking, there’s no single overarching law telling what they can and can’t do with data in a broad sense.”

That’s the purpose that GDPR serves. And if you think there won’t soon be more regulations like it, if you think that more governments will not soon follow suit, you simply haven’t been paying attention. 
Cyber-security and privacy are rapidly coming into the public eye.

People want more ownership over their identities. People are growing more cautious and concerned about cyber-security. And people want businesses to be held accountable for carelessness where sensitive data is concerned. 

GDPR is the end result of those desires, the end result of governments paying closer attention to cyber-security and data protection. And it should serve as a warning for you to follow suit. Because if you don’t, you’ll have only yourself to blame when you’re brought low by non-compliance penalties. 

The Work for GDPR has just Begun
Now that the implementation date has arrived, it would be simple for CISOs and cybersecurity professionals to see GDPR as job done. Yet the task to comply with GDPR does not finish today. Cybersecurity professionals will play an intrinsic role to ensure compliance is maintained long term. For example, cyber professionals will always be monitoring for any abuse, illegal access or breaches and then working with the legal team and Data Protection Officer to report it to DPAs (or publicly if needed) should one occur.

Additional Legislation
While Europe’s attention has been heavily focused on GDPR, there are other regulations which CISOs and cybersecurity professionals must manage. Most notably is the Networks and Information Security(NIS) Directive, which aims to improve the EU’s preparedness for cyber-attacks, particularly on critical infrastructure such as energy, utilities, finance, healthcare, digital infrastructure and transport. 

This regulation means that CISOs operating in these industries and the public sector will have to implement high defenses against cyber-attacks.

While GDPR focuses on personal data, this regulation is about system-level infrastructure, and so will be a great challenge for the relevant CISOs. We may also envisage the trends around AI and IoT as big issues to handle in a near future.
GDPR is the start of a new era for cybersecurity professionals and, in particular, CISOs. While it remains a critical role of the CISO to ensure their business is compliant, with GDPR and other legislation, there’s also a large opportunity.

To contact the GDPR Advisory Board please visit: www.gdpr-board.co.uk

Information-Management:

You Might Also Read:

GDPR - More People Will Share Data:

GDPR: It’s A Marathon, Not A Sprint:

 

 

 

« Japan’s Secret Spy Agency
Nation State Cyber Attacks Are An Act Of War »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Softtek

Softtek

Softtek helps its clients to gain a competitive edge by implementing digital solutions that propel their business strategies.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

Information Technology Industry Development Agency (ITIDA)

Information Technology Industry Development Agency (ITIDA)

ITIDA has two broad goals: building the capacities of Egypt’s local information and communications technology (ICT) industry and attracting foreign direct investments to boost the ICT sector.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Cingo Solutions

Cingo Solutions

Cingo Solutions is a Managed Detection & Response company providing specialized data security services.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

AB Handshake

AB Handshake

AB Handshake offers a game-changing solution for telecom service providers that eliminates fraud on inbound and outbound voice traffic.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.

Soteria Cybersecurity

Soteria Cybersecurity

Soteria is your trusted Cybersecurity Partner in IT and OT.

Quantonation

Quantonation

Quantonation is a global early-stage venture capital fund investing in breakthrough technologies based on advances in physics and computing.