As we bring our fourth and final 2017 issue of Infosecurity Magazine to a close I, as always, have the privilege of rounding things off with a final thought.
Looking back over this issue, it’s clear we have explored some truly fascinating and important topics in the information security landscape. All make for great reads and raise some thought-provoking points, but there’s one more that I’d like to touch upon before we sign off for the year, which is that old ‘elephant in the room’ for most organizations: the EU General Data Protection Regulation (GDPR).
For a long time now we’ve known that this evolution of the Data Protection Act was coming, but 2017 will be remembered as the year that the realities of what GDPR ‘might’ bring with it really started to hit home.
That said, it has been a pretty mixed bag in terms of how well companies have reacted over the last 12 months. Research by Trend Micro found that 73% of 1000 IT decision makers were unaware of the extent of fines that could be levied for GDPR non-compliance; Imperva’s survey revealed that a fifth of companies are yet to hire a data protection officer (something the new regulation stipulates is a must for companies of a certain size); AlienVault quizzed over 900 attendees at Infosecurity Europe 2017 and discovered that almost half felt GDPR is stifling innovation in the cybersecurity industry and Netspoke claimed that the majority of cloud services used by organizations don’t meet GDPR requirements – and those really are just a few of a plethora of examples. You’ll notice I haven’t even mentioned the word Brexit.
The reality is, the majority of companies were behind the curve when it came to preparing for GDPR this year and therefore most are not where they should be by now. Granted, it’s probably unrealistic for any company to be 100% GDPR compliant by May 2018, but just how prepared most companies actually are causes real concern. Half of those polled in the AlienVault survey mentioned above believe that GDPR could cause people to try and cover up data breaches!
"Companies should be inspired by what they can gain from GDPR, not live in fear of what happens if they get it wrong"
In the defense of organizations, they shouldn’t have to go it alone. Yes businesses have a responsibility to get as compliant as they can, but we all have our part to play, even us in the media. My attention was brought to a GDPR infographic recently which was published littered with errors – even stating that fines could reach 40% of annual turnover. I’ll leave accusations of ‘fake news’ to other individuals, but how can we expect people to plan properly when their foundations are shaky to begin with?
GDPR is daunting for most (probably all) companies, but it has to be approached positively and with the intention of making the world a safer and more secure place, that’s what it’s for. It offers an opportunity to do things properly and, whilst it’s important to be aware of the potentially hefty fines, companies should be inspired by what they can gain from GDPR, not live in fear of what happens if they get it wrong.
Consumers are more concerned with data privacy and the security of information now than ever before (GDPR will actually give them the right to know what information a company holds on them and the power to ‘be forgotten’), and they’re less likely to take up new services if they do not trust the provider to keep their data safe. Businesses that understand that will be in a better place to gain an advantage on several levels, but if they only focus on what they could lose from GDPR, they’re missing the bigger picture. It’s a cliché, but it really does need to be the carrot and not the stick.
Ultimately, we will have to wait and see what happens next year, but I do think companies are going to have to up their GDPR game – not just because of the compliance implications, but to reap the benefits of the opportunities it offers.
To round off, all that remains for me to say is a huge thank you to you, our readers, for your continued support over the last 12 months and I hope you’ve enjoyed reading all four 2017 issues of Infosecurity Magazine as much as we have enjoyed putting them together for you.
On behalf of the whole team here I wish you all the best for the rest of the year and look forward to seeing you all in 2018!