We’ve been waiting some time for European GDPR regulators to flex their muscles since the legislation came into force at the end of May 2018. Well, now they have, after Google was handed a €50m (£44m) fine in France. Although this particular case revolved around privacy and transparency over how consumers’ information is used, rather than data security, it clearly serves as a warning notice for firms, wherever they are.
In light of the judgement, IT and data protection teams should be redoubling their compliance efforts. As we predicted in December, a maximum 4% fine is still on the cards for this year, and the next one could be for a major data breach. Continue reading →
This year’s Infosecurity Europe will be the first to take place under the new data protection regime brought in by the long-awaited EU GDPR. It’s going to be interesting to see how much coverage the new law gets. I’d wager, more than you’d think, because compliance doesn’t end on 25 May — for many firms, it will only start once the reality of the new legislation hits home. As we were reminded this week by a £120,000 fine handed down to Greenwich University, the regulator will come down hard on organisations that fail on cybersecurity. Continue reading →
With one month to go until the GDPR compliance deadline, there are many organisations still struggling to get the right security processes and controls in place. A new global poll of senior legal officers from KPMG found that over half of (54%) feel their businesses is not prepared for the new privacy laws. Yet it doesn’t have to be this way. The biggest challenge with regulations like GDPR has been interpretation not only for the organisation but also for the certifying body. In the case of GDPR these are written in legal terms as opposed to technological ones, making it challenging to know what exactly needs to be done in order to be compliant. Proven frameworks such as NIST 800-53 can support a solid information security programme to help appease regulators. Continue reading →
New figures from jobs site Indeed this week reveal that vacancies for Data Protection Officers (DPOs) have soared by 709% in the two years since the EU General Data Protection Regulation (GDPR) was ratified two years back. It’s a shame that, with so long to prepare, organisations are only now wising up to the implications of the region-wide privacy law. Our own research has shown that many other areas of investment are also lacking.
What are needed most now are cool heads and a long-term, strategic approach to GDPR compliance. Racing to finish before the May 25 deadline could lead to mistakes and gaps which may cause more harm than good. Think of this as a continuous process, not a one-off Y2K-style effort. Continue reading →