Avatu’s Joe Jouhal says that in or out, the best-run organisations will still shake their security all about and make sure they’re ready for new data protection rules they simply can’t afford to break.
As everyone knows, the outcome of the EU referendum has made life a little more uncertain. Organisations have had to take a long hard look at their business activities and their investment and growth plans as they second-guess the future in this new world.
Before the referendum, cyber security had started to pick up some impetus in the best-run, most forward-thinking organisations.
Leaders in these places have already acknowledged that cyber security is a serious business challenge, rather than something that applies only to the IT department, and are, consequently, giving it the right focus, investment and priority.
The government’s new Cyber Security Centre, which is due to be operational later this year, will also build more confidence.
And, in theory, so should the EU’s new, far-reaching, General Data Protection Regulations (GDPR) with their extra security requirements and big penalties. Or this was the case, until Brexit somewhat muddied the waters.
The landscape – before the vote for Brexit
Earlier this year, all EU countries adopted the GDPR as law. This is something of a game-changer when it comes to data and cyber security.
The new law significantly strengthens data protection rules for all EU countries, and for any organisation – anywhere in the world – that wants to do business within the EU, regardless of whether it holds personal or sensitive data or not.
While the regulations came into force on 24 May this year, there’s a two-year grace period for organisations to get their houses in order before penalties begin to apply.
Fundamentally, GDPR means, from May 2018:
The landscape – after the Brexit vote
No one yet knows when the UK will leave the EU. But we do know it won’t be before January 2019 – at least eight months after GDPR comes into play.
The government hasn’t yet given an indication on the future fate of GDPR or if it will stay UK law; there are bigger fish to be fried first. But the consensus among many experts is that nothing is likely to change – or if it does, it may not change for quite some time.
What we do know for sure is:
The best advice: just do it anyway
Regardless of Brexit, the most forward-thinking organisations are becoming GDPR-ready, even if they work only in the UK.
It’s a good idea for any business to comply with the principles of the new law. It encourages organisations to take data security more seriously, and ensures they are less vulnerable to cyber attacks and data breaches caused by insiders.
It doesn’t have to be a complicated or massively expensive process. Organisations can improve their security relatively easily.
Think about it: even without the risk of a GDPR penalty, could you say – hand on heart – that your organisation is prepared for, and could cope with, a data breach, and the associated fallout?
If the answer’s no, you don’t need to wait for clarity on this aspect of the law. You need to take advice and act now; Brexit is merely a distraction.
Joe Jouhal is CEO with Avatu. This article first appeared in the New Statesman.