The digital world is the new economy and the imminent EU General Data Protection Regulation (GDPR) will be a major part of it. Digital powers our industries and drives consumerism. Personal and corporate data lies at the heart of this rapidly growing phenomenon. Cloud computing, mobile web services, smart manufacturing and social media are radically changing the business landscape.
According to the European Commission, two billion people are currently connected to the internet and the number is soon to exceed three billion. For many entrepreneurs, this trend brings enormous commercial opportunities, but it also presents fears and challenges. Exposure to security breaches can seriously damage operational profitability and impact brand reputations. To add to this complexity, one of the biggest business fears for leaders is understanding what data exists within their networks and, worryingly, it is the data they do not know about that could be exposed to attack. The GDPR will mark a milestone in data processing practice. So, are you prepared for a cybersecurity single market and is your organisation ready to become a compliant data controller or processor?
Could you afford a data breach?
On the 25th May 2018, firms wanting to do business in Europe or wishing to engage with EU customers will need to comply with the GDPR. This will become the standard for all European countries and, as an EU regulation, requires no national law to implement it as Directives often do. The new regulation will introduce new accountability obligations, stronger consumer rights and restrictions on international data flows. This initiative will cause organisations to rethink the way they view personal data, as well as push the boundaries of enterprises and the responsibilities of business leaders. Many firms have a sense of inevitability about penalties and being made the first example of non-compliance. With potential fines set to be up to 4% of global revenues or €20 million, whichever is the greater, companies of all sizes can ill afford data breaches with a potentially seismic impact on revenues.
Trust has always been a fundamental requirement for two parties to do business and this has never been more important than on the internet, when the parties involved never actually meet. The GDPR requires a risk-based approach, which involves implementing secure procedures and controls to protect sensitive information. Compromised customer data has consequences and non-compliance will incur hefty penalties. As with all regulations and compliance, this could be looked upon as an expensive and time-consuming practice. Alternatively, it could be seen as a business enabler, allowing an organisation to do business in new markets and promote its compliance and strong security controls as a differentiator.
The notion that “if current operations are safe for me, then it’s secure for all” does not hold much weight anymore. What you do online has the potential to affect everyone at home and at work. Personal information is like your passport. Give away your password and you give away your identity. Good practice, however, helps to instil better online habits, which benefits the global digital community. Some people fear that more rules and regulations can constrain business. Although GDPR is another EU initiative, it is widely considered to be a positive game-changer. It will bring important parameters in which to trade with the EU and ultimately protect its communities’ vital data. In turn, the data that companies are expected to protect is becoming harder to monitor and track through the plethora of devices and mobile behaviour of the workforce. This can mean that if companies do not scale and protect their operations and infrastructure, they risk compromising data and being found non-compliant.
Customer data accessed by mobile devices, for example, is vital to protect in order to prevent major issues. This is particularly true if theft occurs and the information must be erased based on commands issued remotely. Similarly, companies looking to store data in the cloud need to maintain ownership and control over that centralised data, address policy management and look for encryption solutions to ensure only the controlling company can unlock the relevant files.
As part of the regulation, companies will need to notify regulators within 72 hours of learning about a breach, irrespective of whether it affects employees or customers. The disclosure must be comprehensive too, describing the nature of the breach, the number of data sets compromised, contact information of directors responsible for data and the measures that the company intends to take to address the issue.
Data continues to evolve
Understanding data and being able to control, analyse, contextualise and monitor its flow is vital to managing personal and company information. From banking to manufacturing, retail to education, data is being generated on a minute-by-minute basis. Data sets are not static – they are agile and evolve, moving across multiple platforms and sources. Data provides knowledge and statistics – it is the lifeblood of commercial intelligence.
The golden rule is that we must all quash our technology phobias and help fight crime as responsible cyber-citizens. Under the GDPR, a chief data protection officer will be a prerequisite for virtually all companies to ensure they are compliant. So, who currently owns data protection in your company? In essence, most companies will need to employ a specialist to manage this important area of business. This also raises the question of who you turn to for data security support. The GDPR initiative will help to drive innovation.
Plugging the gaps in cybersecurity
Cybercrime is not limited to any one region or one type of business – everyone is affected, from the business world through to private social communities. The supply of goods and services feeds our economy and, in turn, hackers also feed on our valuable information. Data has never been more valuable – now is the time to safeguard credentials.
The idea of Europe’s cybersecurity single market is a good one. It is designed to plug the gaps that exist in the free-flowing digital commercial sectors in which we operate. In tandem, innovative security solutions and services can be a major help in protecting data that resides in business critical applications. The cybersecurity market is one of the fastest growing sectors in the world. The EU is already taking the lead to develop a strong culture of data security and implement robust measures for non-compliance.
Are you a responsible EU cyber-citizen or feeling apprehensive about becoming part of a regulated cybersecurity single market? Now is the time to get your data in order or the deadline for GDPR will expose the gaps in your digital data privacy systems. Be prepared, be compliant and be safe.
Lizzie Cohen-Laloum is senior vice president EMEA sales, F5 Networks