Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 22 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

GDPR – Why it’s Time for the Board to stop Passing the Buck

by The Gurus
October 9, 2017
in This Week's Gurus
Share on FacebookShare on Twitter

The General Data Protection Regulation (GDPR) comes into effect in the UK on 25 May 2018. Yet, many organisations remain in denial, with a typical mindset being: ‘if I ignore it long enough, it will probably go away’, or even, ‘I don’t think it really applies to me’.  Ultimately though, any business that holds personal data about their customers, employees or that runs a payroll is going to be impacted by the regulation. That’s because GDPR clearly applies to all companies worldwide that process the personal data of EU citizens.
 
There is a world of difference of course, between understanding that your business needs to get ready for GDPR and making it happen. There are likely to be a raft of challenges along the way. Many leadership teams immediately baulk at the need to put policies in place. Organisations, and particularly their directorial boards, often feel that they don’t have the time, manpower or the feel the necessity to do this. But what other options do they have?
 
We are beginning to see legal departments take on some of the strain. The data protection officer (DPO) role that for many organisations will be a mandatory requirement after May 2018 is increasingly finding itself housed within legal teams as another thing on their ‘to do’ list. In some businesses, the legal department is even formulating policy for the rest of the business to follow.
 
Many boards, however, still try to shift the problem to the domain of the IT department. There are far too many CIOs attempting to abdicate their responsibilities in this area. The rationale is often that they are simply too busy thinking about the future strategy of the business to spend time considering what they see as essentially IT-focused legislation, so there it should lie. That’s a mistake. GDPR is  a business issue just as much IT one. It shouldn’t simply be offloaded to network engineers and made a technology problem – it is a business opportunity, where technology can help.
 
There is often greater traction in looking outside the organisation for help. But again, the key question is where to look. Firstly, there are a host of companies in the marketplace that are making a lot of noise – saying come and speak to us – we will make you GDPR compliant. However, it is unlikely that a single company operating alone could ensure a customer will meet all the demands of this new GDPR legislation. So, businesses should be very wary about taking this supposedly catch-all path to compliance.  It is likely to turn out to be anything but.
 
The Right Approach
 
It is clear that businesses can and should be doing today to make sure they are ready in time, especially with regards to good data management.  For many organisations, ensuring their data classification processes are up to scratch is one of the very first actions they should take. Every business should know what data it has; where that data resides – (and that means not just the primary data stores but what information is held on laptops and in off-site back-ups for example), and how they manage, control and audit access to it.
 
They should also, in the context of GDPR, be aware of the CIA triad, (Confidentiality, Integrity and Availability), with the emphasis on the first two of these. When it comes to managing personal data, confidentiality and integrity need to be high on the agenda. Businesses must restrict access to just those people who need to view the data, and they need to ensure that the data is accurate and any relevant updates have taken place. Other key technological measures that can be taken to help protect sensitive personal data include data loss prevention and encryption, whether that is of data held in a data centre, on-premise, in the cloud, or elsewhere.
 
In a sense, much of this is simply about adopting a best practice approach. The IT industry has long tried to educate businesses about risk mitigation and cyber-security by espousing compliance and reputational protection. GDPR is, however, only the start of a journey, the minimum standard that organisations should be aiming for.  It’s about enforcing a decent baseline of security – however organisations that fail to act appropriately and in a timely fashion will find that it’s a  regulation with teeth.
 
By January 2018, we foresee many organisations starting to panic about the 25th of May. They will suddenly realise that time is short and they need to act immediately in order that they are adequately protected procedurally as well as technically. By then, however, it may be too late.  The message for the boardroom is a simple one; If you are not already running a best practice approach where you know what you have, where it is, and who has access, it can take more time than you have to be fully prepared.
Put this on the boardroom wall; Stop passing the buck – if you have not already got your GDPR house in order, you better start doing it right away.  Tempus Fugit.
 
by Mike Simmonds, Managing Director, Axial Systems

FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweetShare
Previous Post

Nearly 80 per cent of IT executives lack control over password security in their organisations

Next Post

Barclays delivers skills boost with Cyber Security Challenge UK competition

Recent News

Ferrari Data Breach: The Industry has its say

Ferrari Data Breach: The Industry has its say

March 22, 2023
security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information