DPR Lloyds of London’s report “Cyber Report” has found that 57 percent of organisations don’t understand the implications of the EU General Data Protection Regulation, comment from Stephen Love, Security Practise Lead – EMEA, Insight.
The fact that over half (57 percent) of organisations have admitted to not fully understanding the implications that the EU General Data Protection Regulation might have on their business, is not surprising. Despite the results of June’s referendum, from May 2018, any organisation found to be in breach of the new EU GDPR will be subject to considerable fines that could damage the financial stability of the company and, coupled with the reputational fallout, could see the business facing bankruptcy.
So why are over half of UK businesses failing to prepare? Some believe the EU referendum would affect the implementation of the legislation, others think it doesn’t apply to their business and others are simply are delaying addressing it as it doesn’t fall into this financial year. However whatever the reason, it is something that urgently needs addressing.
For an organisation to adhere to the new EU data regulation, they first need to identify the key data that they need to protect, understand where it resides and what value the data has. Additionally, and perhaps most importantly, companies need to evaluate who has access to this data. Once this is established, the organisation needs to create a security strategy and policies that will enable them to not only protect this data but also secure admittance to it. Further solutions can then be implemented to secure the data, from cutting edge, next generation firewall solutions to data loss prevention tools, ensuring the integrity of the data. Identity and Access management solutions and multifactor authentication will also allow for the governance and control of user admission to on-premise and cloud services.
Planning ahead is the best course of action for any business. 2018 might seem a way off, but we are already nearing the end of 2016 and, before we know it, the new legislation will come into effect. Addressing the EU GDPR now will allow businesses to budget and prepare, taking manageable steps to ensure a compliant business environment that will help protect the company from the potential fallout of non-compliancy.