Use the new EU Data Protection reforms to secure funding for IT security, says Databarracks

The EU is to impose new data protection legislation to ensure better protection of the personal information of all EU citizens. The reforms will come with more severe fines for organisations that suffer data breaches. Peter Groucutt, managing director at Databarracks, claims that this is the tool IT professionals can use to drive through security changes, as failure to do so will now result in severe repercussions: “Often, the fines imposed on organisations that suffer data breaches are nothing more than a slap on the wrist. They do little to encourage organisations to address the real problems with their security practices.


“Worryingly, in some cases organisations are happy to accept the smaller cost of a fine, rather than spend the time and money on actually improving the deep-set problems with their data protection and security policies. Partly it’s because, until now, they haven’t had to. The penalties for data loss have been so minimal that it hasn’t been a worthwhile investment to update existing policies.


“Of all the proposed changes in the draft regulations, the one that is getting the most attention is the increased fines, which will rise to €100 million or five per cent of global turnover. These figures are going to be difficult for board members to ignore.”


Groucutt argues that the impending changes make a big difference to the consequences of a breach, and Chief Security Officers (CSOs) can use that shift to secure funding for improvement: “CSOs have always had to balance risks with the cost of protection. This gives them the power to really enact changes in their organisations. We only need to look at the most recent fines from the ICO to see what happens without investment in up-to-date IT practices. Organisations have been fined for losing backup hard drives, revealing customer details to hackers, losing unencrypted laptops and allowing the recovery of data from old computers that had not been securely wiped.


“All of these issues could have been avoided by using secure backup systems, keeping pen testing up to date, encrypting laptops and removable devices and using secure data destruction. Where IT may have struggled to secure funding in the past, the risk of a €100 million fine just might change things.


“It can be very easy to think of data protection as a niche issue for the compliance department or your legal and IT teams. The sheer size of the proposed fines makes this an operational issue and a priority for the board of directors.”