by Bharat Mistry
The UK government this week introduced its Data Protection Bill, ending months of speculation over just how committed it was to preserving the country’s fast-growing digital economy. If passed, the new legislation will write into UK law the EU General Data Protection Regulation. The good news is, UK IT and business leaders finally have clarity over the future: the GDPR will still apply post-Brexit. The bad news: there’s little more than nine months before the new regulation comes into force.
That’s why we’ve devoted plenty of time to focus on data protection issues at our upcoming CLOUDSEC conference in London next month. It promises to be a must-see event for any IT decision makers still struggling to comply with the sweeping new laws.
A new era
The Data Protection Bill will upgrade the UK’s privacy laws for the digital age, providing consumers with new rights including data portability and the right to be forgotten, and forcing businesses to follow strict new rules. Chief among these is that they devote enough resources to the correct and secure management of customer data. Fail, and they could be in for maximum fines of £17 million, or 4% of global annual turnover, whichever is higher.
It’s a much-needed revamp of existing laws which puts a greater focus on personal privacy, and should force organisations to improve data protection. However, there will be many concerned by the prospect of punitive fines which could put them out of business. The past few months have seen a multitude of data breaches at organisations as diverse as Newcastle City Council, Bupa, Wonga and more. They came from a variety of sources – including both malicious and negligent insiders – highlighting the challenge facing firms.
For any IT leaders hopeful that privacy watchdog the ICO will go easy on them, think again. The UK is already among the most fined countries in Europe when it comes to data protection breaches. The ICO doubled the cost of its penalties in 2016 to £3.2m, second only to Italy. It also issued 23 enforcement notices, a 155% increase, according to PwC.
CLOUDSEC 17 to the rescue
Given the range of online threats facing UK organisations today and the size and complexity of the GDPR/Digital Protection Bill, compliance can seem like a daunting challenge. Yet with not long to go before the 25 May 2018 deadline, time is of the essence. Our forthcoming CLOUDSEC 2017 conference in London next month offers IT decision makers an ideal opportunity to find out more, and collect some great best practice advice from peers and industry experts.
Stewart Room, PwC Legal’s Global Head of Data Protection & Cyber Security, will be on hand to guide attendees through a “risk based approach to preparing for GDPR”. Stewart is an internationally renowned expert on data protection law and what he doesn’t know about GDPR compliance isn’t worth knowing. Then in the afternoon, John Godwin, Director of Compliance and IA at public sector provider UKCloud, will discuss how the cloud may offer a silver lining for firms currently undertaking compliance programs.
That’s not all: there’ll be senior representatives from GCHQ, the FBI, Interpol, Microsoft, AWS, OWASP, Gartner, Trend Micro and many more, all primed and ready to share their expertise on a range of cybersecurity issues. This isn’t the place to come for a snooze while sales guys on stage rehash well-worn marketing messages. It’s a vendor-neutral environment for serious cybersecurity learning and networking designed to add real value for IT and business leaders.
Tickets are selling fast, so to book your spot, get in touch today.
What: CLOUDSEC 2017
When: Tuesday 5 September
Where: Park Plaza Westminster Bridge, London