New accredited standards will need to follow establishment of GDPR

Standards must be driven by real world and not by lawyers and policy makers.

A new set of standards, along with recognised accreditation, will be necessary if the new General Data Protection Regulation (GDPR) is to be implemented effectively, The Bunker states. The non-prescriptive nature of the new regulation means that clear standards will be required to bring clarity to the market and help both cloud providers and end-users undertake due diligence effectively.
 
The GDPR was formally passed on 14 April this year, as part of the European Commission’s Digital Single Market Strategy. It is designed to better protect citizens’ data and harmonise legislation across the European Union (EU). The GDPR brings an array of new guidelines for organisations in relation to Personally Identifiable Information (PII), and it stipulates the auditable assurance that all companies will need to demonstrate when controlling or processing PII.
 
Businesses operating within the EU have until 2018 to implement the required changes. However, a standard is yet to be put in place that specifies whether what organisations have enforced can be deemed appropriate Technical and Organisational Measures (TOMs) to comply with the terms of the GDPR when scrutinised in a court of law.
 
According to Phil Bindley, CTO of The Bunker: “The wording of the regulation indicates that at some point in the future someone will create a standard that helps organisations understand the requirement in the context of TOMs. It would be ideal if this defines what needs to be done to demonstrate compliance with the standard and provides support accreditation.
 
“The subsequent issue is then raised of who will actually create this standard. It can’t just be left to policy makers and lawyers. This needs insight into the ‘real world’ of information security practice. It also needs to drive a consistent set of behaviours and promote the culture that change is needed inside organisations to achieve proper security for the right reasons, not just the fear factor.
 
“If we allow policy makers and lawyers to dictate the terms, then as information security professionals, we have missed a once in a lifetime opportunity to evangelise the positive benefits of taking the right approach to security.
 
“The GDPR is certainly a defining moment in the way businesses need to think about data protection. With or without a ‘GDPR Standard’ I am confident that by applying the knowledge, expertise, processes and culture we have created over the past 12 years, The Bunker genuinely helps customers old and new to comply with the terms of the regulations. And, we are more than prepared for this,” concludes Bindley.