Thales eSecurity Blog

The EU General Data Protection Regulation (GDPR) is finally here: will it provide the much-needed wake-up call for businesses?

Louise Bulman | AVP of EMEA

With the ever-increasing list of high-profile data breaches, coupled with multiple uneven local data protection regulations in Europe, it comes as no surprise that a single EU-wide regulation, the General Data Protection Regulation (GDPR), was agreed upon on 15 December, subject to final endorsement by both the European Parliament and EU member states, expected by early next week.

Cyber criminals are not unique to any specific country, so EU collaboration on combatting the problem is essential. Growing fears over cyber security have already prompted the EU to introduce a new law, known as the Network and Information Security Directive, which will see businesses facing strict punishments if they fail to comply with the security regulations put in place.

Severe fines of up to four per cent of global turnover for non-compliance and a change in scope brought about by the GDPR ensure that there will be legislation in place that is relevant to the new cloud, mobile, social, and collaborative era of business. Hopefully this means that, finally, organisations will be forced to get their security in order and sensitive data will be made safer through encryption with access control. According to a survey carried out by Vanson Bourne, 69% of respondents state that they will need to make investments in technology to reduce the impact of the new data protection regulation, with encryption being the technology most likely to be invested in.

Understandably, for some, these updates in security are going to prove challenging. There are a number of things to consider, including financial and time constraints (two thirds of the survey respondents stated that changing data protection regulatory requirements is a burden on their business). Businesses will be given 24 months to achieve compliance once the legislation has been finalised. Those two years will go quickly, and my advice is for businesses to start planning and mapping out their security strategies immediately, to give them time to adopt the relevant technologies and prevent themselves from falling behind and potentially flatlining as a consequence.

Time is ticking away, and the sooner companies start understanding and implementing adequate security measures and transparent data encryption, the sooner customers' minds can be put at rest, knowing that the necessary precautions are being taken to keep their personal information out of the wrong hands. The GDPR is a step in the right direction and will hopefully bring about a much-needed wake-up call to organisations currently sleeping on essential security requirements.