GDPR to put a high price on security breaches

Security breaches are already costly, not just financially but in terms of brand damage, customer dissatisfaction and downtime. For companies that do business with residents of the European Union (EU), the financial fallout from a security breach is about to get much more expensive. That's why it's imperative for organisations to get ready for GDPR now, so they're not playing catch-up. Ronald Sens, EMEA Director, A10 Networks, explains more.

What is the GDPR?

With the introduction of the General Data Protection Regulation (GDPR), the EU is enacting a set of mandatory regulations for businesses that go into effect soon, on 25th May 2018. Organisations found in non-compliance could face hefty penalties of up to 20 million euros, or 4 per cent of worldwide annual turnover, whichever is higher.

The GDPR is not just applicable to businesses in the EU; it applies to the data of all EU citizens, regardless of where it's stored. That means if a citizen of the EU has data stored with a company inside the US, then GDPR applies.

Under the GDPR, data controllers must report a data breach to the supervising authority within 72 hours of becoming aware of the breach. From there, individuals must be notified if an adverse impact is determined, and the data processor must notify a controller without undue delay after becoming aware of a personal data breach.

Neither processors nor controllers, however, must notify data subjects if anonymised data is breached, that is, if the controller has implemented encryption and other measures to protect the data. GDPR also gives consumers and individuals more power. Article 17 of the GDPR is the 'right to erasure,' which is more commonly known as the 'right to be forgotten.'

Prepping for GDPR

Gartner recommends that a good starting point for GDPR prep is to create two new roles dedicated to data protection: one who acts as a contact point for the data protection authority and data subjects, and the other a data protection officer to ensure processing operations maintain compliance.

From there, companies should be proactive and transparently demonstrate accountability for all processing activities, examine how data flows across borders within the EU and outside of it, and ensure they have systems in place to notify individuals and authorities should a breach occur, and to comply with the right to be forgotten should an individual ask for their data to be erased.

It's also imperative that companies have systems in place to prevent breaches in the first place. Notification is not required for breaches involving anonymised data, but companies should examine their encryption solutions to ensure their private data is and remains private.

Tools That Can Help Protect Your Data

A dedicated decryption solution can ensure encrypted data is decrypted for visibility and inspection in a secure decrypt zone, and companies can opt to bypass certain types of traffic that should remain encrypted and anonymised, such as personal data, as policies dictate. That gives organisations the benefit of decryption services, while still complying with GDPR.

Companies can also institute stronger identity hygiene practices to ensure attackers aren't attempting to crack into networks to steal data. Simple steps like multi-factor authentication and swiftly deprecating expired employee accounts can help ensure access is only granted to authorised personnel.

Analytics solutions can help by enabling companies to quickly and accurately detect security anomalies. Having an understanding of how applications are performing in real time and their security posture could alert an organisation in the event of a breach or an attempted data theft.
