Why cybersecurity and compliance are high stakes in Europe
Why cybersecurity and compliance are high stakes in Europe right now and where Teleran fits in
Oncoming legislation for cybersecurity
Recent months have been tumultuous for the United Kingdom’s government to say the least. With such heavy focus on the Brexit and the political fallout, many outside of the immediate area are unaware of the cybersecurity issues that are also coming to bear. In April of 2016, new regulations were passed concerning the security of various online aspects of the British populace including e-commerce platforms, search engines, and cloud computing devices. Referred to as the General Data Protection Regulation (GPDR) is a directive designed to regulate and tighten security on the information of citizens within Britain and the European Union. Some of the aspects of the GPDR include the application of EU citizens’ personal data, informed consent required for acquiring or using personal data, compensation for unlawful processing of such data, mandatory risk assessments of both in-house and cloud-based systems for companies with access to such information, and possible fines as high as a million Euros or two percent of a company’s total worldwide annual turnover of the preceding financial year. This legislation was passed in April of 2016, with an application date as of May 2018. Unfortunately, many businesses are not ready, and time is running out.
A paradigm shift in security and operations
The enforcement of the GPDR creates a multitude of issues. Previous attempts to secure data were not specifically standardized, and relied on a far looser form of legislation. The previous standards were made far earlier, and did not fully encompass what the value of personal identifying information would become. The security risks of transmitting that information aside, the processing of personal information is the key component to this new legislation. The GPDR extends the protection of law to the information in addition to the person. This means regardless of where the information is stored, processed, or shared, the person it identifies has the rights to be protected.
Information can be kept on a database, or even using cloud computing, and can be moved in an instant. Because of that, the GPDR describes in detail how the creator of that information must give informed written consent to the person holding the information. Such permission can be revoked at any times as well. From a business standpoint, this creates unfettered access to private information and files to an untold number of potential access points. Each file must be accessible individually, and creates a way to enter the system. Internal security must allow for individual information to be quickly found, and moved- or removed completely at any time. Each company that houses this information must also do regular risk-assessments to ensure security is tight and able to defend against any form of breach.
The changes are vital, but come slowly
Small companies will have to make specific changes and adapt. Larger companies that handle millions of individuals’ information will have to implement a new form of access and security to compound systems and ensure the law is complied with. Restructuring security and adding in new protocols is expensive and difficult. Adding it to a company is hard enough, but many companies include cloud-based computing to their platform to remain versatile. The GPDR outlines various guidelines to adhere to including a direct accountability and reporting requirement for every person or entity that is part of the ‘cloud supply chain.’ Such often crosses borders and becomes an international complication. All this also has to include certified experts available at all times to represent the legislation within a company, somebody that can be approached and talked with at any time about personal concerns. This officer is directly responsible for reporting to the governing bodies about any breaches, potential loss of information, or situations that cause concern. If compliance is not met, any business can lose significantly. 1 million Euros or 2% of what a business made the previous year can be devastating to many businesses.
Despite the high stakes, many businesses are not fully prepared to implement the required changes, or have the experts on staff. Worse yet, far too many are still unclear on all the particulars of GPDR, making them even less prepared for the enforcement of the legislation. This has sent the idea of cybersecurity into a panic across the EU, and any affiliated bodies across the globe. When any infraction can cost such a heavy toll on a business, it becomes vital to comply. When the law is not fully understood, how can businesses prepare? One of the only viable solutions currently available is to rely upon experts that have studied and understand the legislation fully. Experts like those in Teleran specialize in cybersecurity, and understand the requirements of these sorts of issues. As a company that provides security for other larger entities, they are well-versed in the needs of the GPDR, and are experts in integrating such into various systems. Using a specialist can reduce the time and effort required in making a system up to this rather difficult change with a minimum of issues. Ready or not, they have until May 2018 to be ready.