GDPR causing cloudy confusion amongst businesses

Jonathan Martin, Cyber Security & Cloud Department Manager, Networkers, provides an overview of what the new legislation means for businesses and the people they need to hire now to ensure they stay compliant.

The General Data Protection Regulation (GDPR) is a piece of legislation by which the European Commission intends to strengthen and unify data protection laws for individuals within the European Union (EU). The legislation will be strictly enforced with stern penalties imposed for companies that fail to adhere to the compliance regime.

After years of speculation, the European Parliament announced the details of the new legislation on 14 April 2016. Despite this confirmation of the long-awaited reforms, many businesses appear confused about what the regulations mean for them.

According to new research by Trend Micro (an internet content security software and cloud computing security provider), many businesses are at risk of fines due to gaps in knowledge around the new legislation. A survey of over 100 senior IT decision makers in the UK showed that a fifth are unaware that the GDPR exists, and 29% either do not think that it applies to their organisation or are unsure. Timescales are another cloudy issue, with 26% of respondents unsure of the time frame for becoming compliant: 31% believed it was within 6-12 months, while others (11%) thought it was 2-3 years. Further misconceptions were evident around the repercussions of non-compliance, with 18% of respondents unaware that they could face fines.

With this level of uncertainty shrouding the new regulations, here are the key facts:

The legislation

Replacing the current mixture of national laws with a single set of rules, the GDPR is designed to give citizens greater control over their own private information in the digital world. An additional goal is to improve legal certainty for businesses, giving more confidence to companies that are innovating in the digital world.

Businesses affected

The GDPR is applicable to all organisations with data stored in or passed through Europe, including those outside of Europe who supply goods and services to European citizens.

Timescales

Adopted by the European Parliament on 14 April 2016, the legislation will come into effect on 25 May 2018.

Penalties

Organisations face fines of up to 4% of their annual turnover for non-compliance.

Businesses need to respond now to make sure they are prepared for when the new regulations come into effect. For many, the best and only solution is to train or employ fully competent information security professionals to make the changes necessary for compliance. Fortunately, some businesses are already taking steps to implement these changes, as identified in the research, with 44% of IT leaders investing in IT security and 42% increasing their focus on employee training on data protection.

Over the past four months, we have already seen a spike in the number of employers seeking to hire information security professionals with skillsets such as PCI, UK DPA, CISSP and ISO to ensure that their business meets the guidelines set out. Businesses should treat hiring these data experts now as an investment; it could well save them a hefty fine in the future.

If you’re an information security professional looking for your next opportunity, visit our jobs pages to see what roles are available.
