GDPR Is Now Effective

The long-anticipated General Data Protection Regulation is finally upon us. For the benefit of anyone that has been living under a rock, GDPR is a regulation put forth by the European Union that intends to ensure stronger data protection and better ownership of private data for all European citizens. 

It gives control over private data back to said citizens and includes some very severe penalties for any organisation that does not comply. Most notably, it makes no distinction as to whether an organisation is based in the EU or internationally, if they hold the private data of a European citizen, they have to comply with GDPR. 

It became enforceable on Friday May 25, 2018. After this, any organisation that is not already compliant will very likely be hit with significant fines, and possibly even sanctions. 

Even if you haven’t been scrambling to ensure compliance, you’ve at least heard of GDPR in passing. And you’ve (hopefully) at least considered what’s involved in becoming compliant.

Ultimately, it all comes down to data hygiene. It comes down to knowing exactly what data is stored where, how that data is used, how that data is secured, who uses that data, and who has a right to it. It also comes down to having systems and processes in place for effective data erasure, and redundant architecture to ensure full availability of data to citizens. 

It’s all stuff that you should be doing anyway, in other words. Yet it’s also stuff that most businesses rather bafflingly don’t bother doing. Their reasons are many, a lack of expertise, a lack of resources, an unexpected period of growth….
But the end result is the same. They’re non-compliant, and that will come back to bite them. If not now, then in the very near future. 

“GDPR is a wake-up call for American companies to solidify best practices around their big data and data science initiatives,” explains Datanami’s Alex Woodie. 

“While American firms today must follow a mishmash of data handling laws for specific sectors like healthcare and banking, there’s no single overarching law telling what they can and can’t do with data in a broad sense.”

That’s the purpose that GDPR serves. And if you think there won’t soon be more regulations like it, if you think that more governments will not soon follow suit, you simply haven’t been paying attention. 
Cyber-security and privacy are rapidly coming into the public eye.

People want more ownership over their identities. People are growing more cautious and concerned about cyber-security. And people want businesses to be held accountable for carelessness where sensitive data is concerned. 

GDPR is the end result of those desires, the end result of governments paying closer attention to cyber-security and data protection. And it should serve as a warning for you to follow suit. Because if you don’t, you’ll have only yourself to blame when you’re brought low by non-compliance penalties. 

The Work for GDPR has just Begun
Now that the implementation date has arrived, it would be simple for CISOs and cybersecurity professionals to see GDPR as job done. Yet the task to comply with GDPR does not finish today. Cybersecurity professionals will play an intrinsic role to ensure compliance is maintained long term. For example, cyber professionals will always be monitoring for any abuse, illegal access or breaches and then working with the legal team and Data Protection Officer to report it to DPAs (or publicly if needed) should one occur.

Additional Legislation
While Europe’s attention has been heavily focused on GDPR, there are other regulations which CISOs and cybersecurity professionals must manage. Most notably is the Networks and Information Security(NIS) Directive, which aims to improve the EU’s preparedness for cyber-attacks, particularly on critical infrastructure such as energy, utilities, finance, healthcare, digital infrastructure and transport. 

This regulation means that CISOs operating in these industries and the public sector will have to implement high defenses against cyber-attacks.

While GDPR focuses on personal data, this regulation is about system-level infrastructure, and so will be a great challenge for the relevant CISOs. We may also envisage the trends around AI and IoT as big issues to handle in a near future.
GDPR is the start of a new era for cybersecurity professionals and, in particular, CISOs. While it remains a critical role of the CISO to ensure their business is compliant, with GDPR and other legislation, there’s also a large opportunity.

To contact the GDPR Advisory Board please visit: www.gdpr-board.co.uk

Information-Management:

You Might Also Read:

GDPR - More People Will Share Data:

GDPR: It’s A Marathon, Not A Sprint:

 

 

 

« Japan’s Secret Spy Agency
Nation State Cyber Attacks Are An Act Of War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Mimecast

Mimecast

Mimecast delivers cloud-based email management for Microsoft Exchange and Microsoft Office 365 including archiving, continuity and security.

Namogoo

Namogoo

Namogoo’s disruptive technology identifies and blocks unauthorized product ads that are injected into customer web sessions by client-side Digital Malware.

Inspirria Cloudtech

Inspirria Cloudtech

Inspirria Cloudtech is a specialized Cloud Technologies Services provider and Cloud Aggregator focused on executing cloud models for clients.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

GK8

GK8

GK8 is a cyber security company that offers a high security custodian technology for managing and safeguarding digital assets. Secure, Compliant and Practical.

Plexal

Plexal

Plexal is East London's innovation centre and co-working space. We offer startups flexible memberships, giving them access to office space plus all the benefits and support they need to scale.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Proximity

Proximity

Proximity is a leading professional services organisation providing consulting, legal and commercial advisory solutions with a focus on government and regulated industries.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.