GDPR: it’s the final countdown April 25, 2018 Jim DeLorenzo | Solutions Marketing Manager More About This Author > Jim DeLorenzo, Solutions Marketing Manager, Thales eSecurity By now, few businesses can be unaware that there is just one month to go until the EU General Data Protection Regulation, better known as the GDPR, comes into force. Perhaps the most comprehensive data privacy standard ever introduced, the GDPR will impact every individual and business that is either a ‘controller’ or ‘processor’ of EU citizens’ personal data. (In)famously bringing with it the potential for fines of up to four percent of an organisation’s annual turnover or 20 million Euro, whichever is greater, the stakes are high for cases of non-compliance. According to my colleague, Peter Galvin, however, “we have to admit that data breaches are the new reality”. Our recent Global Data Threat Report revealed that two thirds of businesses (67%) have been breached, with over a third (36%) reporting a breach within the past year. Unsurprisingly, such breaches are a key focus of the GDPR, and organisations will be required to report the ‘destruction, loss, alteration, unauthorised disclosure of, or access to’ people’s data within 72 hours of the organisation learning about the breach, or risk coughing up a lot of money. In one of my previous posts, I wrote about how according to Article 34 of the new regulation, if an organisation is breached but has ‘implemented appropriate technical and organisational protection measures […] such as encryption’, it can avoid the 72-hour breach notification requirement, along with the inevitable administrative costs and reputational damage that will accompany it. Indeed, Article 32 states that organisations will be compelled to ‘implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk […] including the pseudonymisation and encryption of personal data’. Critical to complying with the GDPR, encryption was recognised in our report as being the top tool (42%) for meeting new privacy requirements, with around three quarters of respondents citing data-at-rest (77%) and data-in-motion (75%) solutions, such as encryption technologies, as being most effective at preventing data breaches. Despite this, however, Garret Bekker, principal security analyst, information security at 451 Research, comments that “security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk.” The GDPR is almost upon us. Given the huge potential financial and reputational impact that non-compliance could have on a business, it’s crucial that security strategies are brought in line with what’s required. The clock may be ticking, but we have a wealth of resources with which you can check whether your business is fit for GDPR. Don’t waste any time.