
EU data regulation preparations

Fujitsu Services : 21 September, 2015  (Special Report)
Rob Norris, Director of Enterprise and Cyber Security for UK and Ireland at Fujitsu, discusses the development of cyber resilience required by companies to meet the 2017 requirements of the new EU data regulations.

No matter what industry organisations reside in, data breaches are inevitable and they continue to grow in size, frequency and complexity. It is no longer about if a business will get hit by a breach, but when. When considering that serious security breaches cost large firms between £600,000 and £1.15m and small firms £65,000-£115,000 every year, businesses need to start reassessing their security strategies.

The general industry belief about data regulation is that there is not enough focus on data security. Both consumers and businesses seem, for the most part, unconcerned about where data is stored, how trustworthy the providers of cloud services are and what security measures these providers have in place. According to research from Fujitsu, 40 per cent of IT decision makers think the current regulations aren’t enough to protect the data of organisations and customers.

To try and shift this perception, the EU data regulation, due to take effect in December 2017, will look to create change for the first time since 1998. It will mean that businesses within the EU member states will have to make significant changes to the way they collect, store and use the personally identifiable information of EU citizens. Any business that is hit by a data breach will be forced to pay fines of up to five per cent of gross turnover or €100 million, report breaches within 72 hours and employ a data protection officer.

This regulation will help businesses become more proactive with regard to their data hosting and storage strategies. It means that, as service providers, organisations such as Fujitsu can continue to fulfil their role as data processors, protecting the information they handle and store on behalf of their customers, who as owners of the data remain the data controllers. This is ever more important as we move towards a more digital landscape. According to our recent research, which looked into the UK digital landscape, more than one in five of us will now always use a digital service when it is offered by an organisation. Yet, despite the surge in usage, concerns still remain. Of the 12 per cent of UK consumers who said they never use digital services when offered to them, the second highest reason given for this was ‘security concerns’.

According to further research from Fujitsu, 80 per cent of IT decision makers believe more stringent data protection laws are needed in this data-driven world while nearly two thirds (61 per cent) welcome larger fines for data protection negligence and would like to see them introduced. The tougher fines proposed by the new EU regulation and raised awareness it hopes to bring will also create a better understanding in the C-suite of what data they hold, its value to business and the controls required to protect these valuable assets.

However, while this new regulation will boost awareness, organisations also need to be cyber resilient to defend themselves from data breaches and avoid these hefty fines. There are several key actions that businesses can take to protect their data:

* Understand what is important to the company: The first step in protecting an organisation is ensuring you understand what information is most important to the business. Once you have that understanding, it will be much easier to know how you can protect it.

* Focus on the threats relevant to the business: Businesses need to be proactive in identifying threats and their impact on the business. By taking things back to a risk-based approach, identifying which threats pose the greater threat and planning for these, companies will be in a better position to defend and protect their assets.

* Be proactive about hosting and data storage strategies: It seems inevitable that the final changes to the regulation will include measures that will affect all organisations that hold data on individuals. It means the service provider will be a data processor and must not only protect the information it handles and stores on behalf of customers, but also share the liability with them for data breaches and violations of the law.

* Have a Security Incident Response process: Once a threat is detected, it's essential that businesses have the ability to respond to it in a well-defined and practised manner. Effective security controls and trained personnel, coupled with a tested Security Incident Response process, are invaluable when faced with a real-life security incident.

As the threat landscape continues to develop and more regulation is put in place, organisations have more responsibility than ever to keep their business and its customer data safe. The impact of data breaches on both businesses and the end-user can be significant, so it is vital that organisations invest appropriately to protect themselves and their customers, not just to comply with the legislation.

   © 2012 ProSecurityZone.com