Rising cyber crime statistics show that organisations of all sizes must start taking data security more seriously and mitigate security risk far more effectively. While the legal landscape has scrambled to keep up with these threats, the newly approved EU General Data Protection Regulation (GDPR) has finally closed some of the loopholes that allowed so much cyber crime to go unreported.
Organisations face tough penalties for non-compliance
All organisations handling European residents’ personal data will need to adopt the GDPR’s requirements. The Regulation introduces tough penalties for non-compliance, with breached organisations facing fines of up to 4% of annual global turnover or €20 million – whichever is greater.
GDPR enhances data security and data breach notification requirements
The new Regulation imposes stricter data security obligations on data processors and controllers, while also offering guidance on appropriate security standards. The GDPR adopts specific breach notification guidelines and provides suggestions for cyber security actions such as:
- Encryption of personal data;
- Ongoing confidentiality, integrity, availability and resilience of practices and processing systems;
- Ability to restore the availability of personal data in a timely manner in the event of a technical or physical incident;
- Putting processes in place to regularly test, assess and evaluate the effectiveness of technical and organisational measures to ensure data is securely processed.
Easy route to compliance and cyber security
Last week marked the beginning of the two-year transition period, during which organisations will need to achieve compliance with the Regulation.
EU businesses that are yet to prepare for the GDPR can achieve compliance with the international best-practice standard for information security, ISO 27001.
The Standard encompasses the three essential aspects of information security: people, processes and technology. This approach helps organisations to meet the new legal obligations of the GDPR while streamlining cyber security processes, creating greater business efficiency and reducing the threat of a cyber attack.
IT Governance has led hundreds of ISO 27001 implementation projects around the world, and our ISO 27001 Packaged Solutions provide fixed-price implementation resources and implementation guidance for all organisations.