The European Union Data Protection Regulation (EUDPR) is imposing tougher data protection requirements. The apparent objective is to put pressure on businesses to put adequate security measures in place to prevent IS breaches.

The Information Security Management System (ISMS) standard ISO/IEC 27001 is a certification process that has been put in place for companies that want to show the public that they are doing their best to defend against breaches. Data protection has become a major issue for businesses of all sizes, across all sectors. Failure to keep information confidential can lead to fines and reputation damage. The combined collateral damage to the victims of the theft can be even greater. BSI UK released the following statistics, gathered from the Information Commissioner’s Office (ICO) and the Department for Business survey carried out by PwC:

  • 81% of large organizations suffered a security breach last year
  • £600,000-£1.15m is the average cost for the above security breaches
  • The scale and cost of IS breaches affecting UK business over the last year has almost doubled
  • The cost of breaches has shot up for the 3rd consecutive year

The EUDPR proposes a single regulatory system across the entire EU, which would create the world’s most comprehensive and heavily enforced data breach notification regime. The following is being proposed as an update to the existing rules; businesses:

  • Must report data breaches promptly
  • Must appoint a dedicated Data Compliance Manager, if they have more than 250 employees
  • Will be legally as well as contractually obliged to keep personal information secure, if they are “data processors” (e.g. 3rd party payroll service providers)
  • Must conduct an impact assessment on data privacy for new projects
  • Must maintain records
  • In some circumstances, they must gain individuals’ consent to hold their data
  • Subject to “one-stop-shop” regulator with enforcement powers across the EU
  • Must pay penalties up to 2% of the global turnover for failure and breaches

Adoption of these new EU regulations has, however, not been finalized due to differing opinions between countries. As a result, a two-year transition is expected, which gives companies time to prepare for the oncoming tighter security measures. It is expected that the EUDPR will come into full force in early 2017.

EUDPR rules

“While investment in IS has increased in the last year, businesses must make sure that the way they are spending their money is effective,” said Andrew Miller, Cyber Security Director at PwC. “Organizations also need to develop the skills and capability to understand how the risk could affect them and what strategic response is required.”

Businesses of any size can either choose to adopt the ISO/IEC 27001 standard and self-declare compliance to it or be independently certified by BSI.

“The Scrutinizer Incident Response System captures and retains 100% of all traffic records entering and leaving the underlying network infrastructure,” said Marc Bilodeau, Founder of Plixer.com. “We are archiving data for many of the largest banks and corporations in the world. When a breach is detected, our system allows our customers to quickly narrow in on the attack and review all of the communication details. No other system can scale like Scrutinizer.”

Contact Plixer to start your evaluation.


Patricia
