Technology | Media | Telecommunications

Friday, June 09, 2017

General Data Protection Regulation - Why it Matters

Compliance with IT security and data privacy regulation is of growing concern to most European organizations. Businesses large and small are scrambling to assess their General Data Protection Regulation (GDPR) readiness, with less than a year to go until its implementation on 25 May, 2018.

GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The new framework demands a reassessment of the everyday operational structure for businesses that handle personal data in the EU.

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies.

Penalties for Non-Compliance

Organizations in breach of GDPR can be fined up to 4 percent of annual global revenue or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements -- i.e. not having sufficient customer consent to process data or violating the core of 'Privacy by Design' concepts.

There is a tiered approach to fines -- i.e. a company can be fined 2 percent for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement.

European IT Security Market Development

Canalys forecasts that this will spur the IT security market in Western and Central Eastern Europe to grow 16 percent to $11.5 billion in 2018. However, Canalys believes that there are significant differences in preparedness between companies of varied sizes.

"Our research shows that large businesses are well informed on information security regulations, with resources in place to ensure compliance. With ransomware threats such as WannaCry causing havoc, shareholders will be more willing to accept increased data security and compliance budgets to protect their long-term investment," said Nushin Vaiani, senior analyst at Canalys.

Small and medium businesses (SMBs) naturally have fewer resources, placing obvious constraints on implementation. But there are potentially massive fines for non-compliance with GDPR, potetially putting some SMBs under the threat of bankruptcy.

According to the Canalys assessment, all businesses must take action now to safeguard from this danger. Overall, the net effect on SMBs will be significant and many are turning to their existing relationships with IT channel partners for help.

Canalys expects this trend to accelerate in the coming weeks and months, as SMBs realize they have little time left to implement changes if they are to meet the May 2018 deadline.