Avatu’s Joe Jouhal says that in or out, the best-run organisations will still shake their security all about and make sure they’re ready for new data protection rules they simply can’t afford to break.
As everyone knows, the outcome of the EU referendum has made life a little more uncertain. Organisations have had to take a long, hard look at their business activities and their investment and growth plans as they second-guess what the future holds.
Before the referendum, information security had started to pick up some impetus in the best-run, most forward-thinking organisations.
Leaders in these places have already acknowledged that information security is a serious business challenge, rather than something that applies only to the IT department, and are, consequently, giving it the right focus, investment and priority.
The government’s new Cyber Security Centre, which opened late last year, is aimed at building more confidence.
And, in theory, the EU’s new, far-reaching General Data Protection Regulations (GDPR), with their extra security requirements and big penalties, should do the same. Or this was the case, until Brexit somewhat muddied the waters.
The landscape – before the vote for Brexit
Earlier last year, all EU countries adopted the GDPR as law. This is something of a game-changer when it comes to data and cyber security.
The new law significantly strengthens data protection rules for all EU countries, and for any organisation – anywhere in the world – that wants to do business within the EU, regardless of whether it holds personal or sensitive data or not.
While the regulations came into force on 25 May last year, there’s been a two-year grace period for organisations to get their houses in order before penalties begin to apply.
But, fundamentally, GDPR means, from May 2018:
The landscape – after the Brexit vote
We're not yet sure exactly when the UK will leave the EU. But we do know it won’t be before February 2019 – at least nine months after GDPR comes into play.
The government hasn’t yet given an indication on the future fate of GDPR or if it will stay UK law; there are bigger fish to be fried first. But the consensus among many experts - including the Information Commissioner - is that nothing is likely to change – or if it does, it may not change for quite some time.
What we do know for sure is:
The best advice: just do it anyway, and do it now...before time runs out
The most forward-thinking organisations are becoming GDPR-ready, even if they work only in the UK, because the new law is sound for business. Full stop.
It encourages organisations to take data security more seriously, and ensures they are less vulnerable to cyber attacks or data breaches caused by insiders, both of which are potentially damaging or inconvenient for business.
Could you say – hand on heart – that your organisation is prepared for, and could cope with, a data breach, and the associated fallout?
If the answer’s no, you shouldn't need a new law to make you take this seriously. GDPR is focussing the mind for many organisations but - for the good of your business - you should be doing it now, anyway.
Joe Jouhal is CEO with Avatu. This article first appeared in the New Statesman.