CS1705
IT asset management

THE CLOCK IS TICKING…

WITH THE NEW EUROPEAN GENERAL DATA PROTECTION REGULATIONS SOON DUE TO BECOME LAW, MANY BUSINESSES WILL NEED TO LOOK CLOSELY AT HOW THEY PROTECT THEIR DATA THROUGHOUT THE COURSE OF ITS LIFECYCLE

Any business that stores data on EU citizens will become subject to the new European General Data Protection Regulations (GDPR), to take effect by early 2018. Even the UK, post-Brexit (voting wise, at least), must comply. This has the potential to impact a broad spectrum of both EU and international companies. With the potential for huge fines (up to 4% of global turnover), will this see companies becoming more mature in their attitudes towards data protection and, if so, what methods will they need to adopt to achieve regulatory compliance?

Richard Brown, director EMEA Channels & Alliances at Arbor Networks, says that the main barrier with the EU GDPR lies in the understanding of this new legislation. "Changes to the definition of what is and is not personal data, the need for 'explicit' consent for data collection and different documentation requirements all need to be interpreted and any relevant changes made. It will also require process documentation to be regularly audited and updated, as in many cases documentation is created, 'put on the shelf' and then forgotten about. Finally, there will need to be a process put in place for the notification of any breach to the relevant authorities and customers."

Some of these changes, he points out, may incur additional costs to business, while others may reduce overall costs, such as the unification of regulation, but getting a good understanding of this is still a work-in-progress for many organisations. "For providers outside of the EU who currently handle personal data on EU citizens, this will be more complex, as they will have to ascertain whether their local data-protection legislation is compatible with the GDPR. With appropriate assistance from national governments, organisations should be able to comply with the legislation.

"As with all regulations, it is important that organisations maintain their focus on the 'goal', rather than purely on compliance," Brown adds. "The impact of data breaches to both business and the end user can be significant, and businesses need to invest appropriately to protect themselves and their customers, not just comply with the legislation."

MANY UNPREPARED

According to Rob Norris, director of enterprise and cyber security in EMEIA at Fujitsu, the majority of organisations are not yet preparing for the new legislation. "GDPR readiness will oblige organisations to carry out thorough preparation, to set up the processes necessary for compliance, as well as supporting alignment of their systems and services with GDPR's requirements. That's why we recently announced a comprehensive portfolio of services to help organisations comply with the new legislation. This includes implementing contingency measures, as well as establishing both GDPR-related strategies and clearly defined processes in how to detect and react to data breaches," he says.

"GDPR will apply to organisations of all sizes and in all industry sectors, and not just those within the EU, so it's important companies

computing security May/June 2017 @CSMagAndAwards www.computingsecurity.co.uk