With one month to go until the GDPR compliance deadline, there are many organisations still struggling to get the right security processes and controls in place. A new global poll of senior legal officers from KPMG found that over half of (54%) feel their businesses is not prepared for the new privacy laws. Yet it doesn’t have to be this way. The biggest challenge with regulations like GDPR has been interpretation not only for the organisation but also for the certifying body. In the case of GDPR these are written in legal terms as opposed to technological ones, making it challenging to know what exactly needs to be done in order to be compliant. Proven frameworks such as NIST 800-53 can support a solid information security programme to help appease regulators. Continue reading →
New figures from jobs site Indeed this week reveal that vacancies for Data Protection Officers (DPOs) have soared by 709% in the two years since the EU General Data Protection Regulation (GDPR) was ratified two years back. It’s a shame that, with so long to prepare, organisations are only now wising up to the implications of the region-wide privacy law. Our own research has shown that many other areas of investment are also lacking.
What are needed most now are cool heads and a long-term, strategic approach to GDPR compliance. Racing to finish before the May 25 deadline could lead to mistakes and gaps which may cause more harm than good. Think of this as a continuous process, not a one-off Y2K-style effort. Continue reading →
There’s a major new piece of EU cybersecurity-related legislation landing in May, but it might not be the one you’re thinking of. Most UK organisations have their eyes firmly focused on the General Data Protection Regulation (GDPR). But arguably just as important for companies operating in critical infrastructure sectors is the new Security of Network and Information Systems (NIS) Directive. It introduces a range of best practice security steps which organisations must follow: fail to do so and you could face a GDPR-sized fine of up to £17m.
The government has already committed to transposing the directive into UK law irrespective of Brexit. With a 10 May deadline looming, the clock is ticking. Continue reading →
The past 12 months have been packed with geopolitical incident, global malware threats and ubiquitous big-name data breaches. From the CIA Vault7 and NSA Shadow Brokers leaks at the start of the year, to the WannaCry and NotPetya ‘ransomware’ campaigns, and Uber’s shock revelations just last month, there’s been plenty for UK CISOs to ruminate on. But now the year is nearly at an end, it might be useful to recap some of the biggest themes of 2017 — with an eye on fortifying systems for the 12 months to come. Continue reading →