Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

What is GDPR? Everything you need to know as countdown to new cyber security regulation begins

'The WannaCry cyber-attack should serve as a stark wake up call for everyone that cybercrime is real and the consequences can be grave'

Terry Greer-King
Wednesday 24 May 2017 06:39 EDT
Comments
If the recent WannaCry cyberattack hasn’t got business leaders to sit up and take notice, GDPR will force them to
If the recent WannaCry cyberattack hasn’t got business leaders to sit up and take notice, GDPR will force them to (EPA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Thursday marks a year until GDPR, or the General Data Protection Regulation, comes into effect. That means businesses have roughly 365 days to make the necessary changes to the way in which they operate and manage risk to ensure they abide by the new law.

If the recent WannaCry cyberattack hasn’t got business leaders to sit up and take notice, GDPR will force them to. If the cyber-criminals involved in the WannaCry attack had chosen leak data from their victims rather than encrypt it, the financial consequences under GDPR would have been extensive.

Ultimately, the arrival of GDPR will put the control of personal data back into the hands of the individual, allowing a number of rights including access to their data and the ability to withdraw it. It also means that organisations cannot simply gather data without good reason and must prove that they are doing all they can to protect the data they do hold.

The law applies to any company that is targeting consumers in the European Union and holding or transporting data relating to them, meaning it has the potential to impact companies globally.

GDPR also specifies that organisations have to appoint a specific data protection officer, who is distinct from a risk officer and all IT functions that currently exist. It’s a role that has to sit outside of IT and outside of the boardroom to have the independence to ensure the business adheres to the regulation.

It is vital businesses understand the importance and the responsibility tied to these new regulations.

For example, non-compliance penalties could lead to fines of up to €20m or 4 per cent of a company’s global annual turnover. It’s not a case of opting in or out, it’s a stark case of comply or face the consequences.

While GDPR dictates that organisations must implement appropriate governance and accountability in their processing and protecting of data, it is just as important that we adopt a “neighbourhood cyber-watch” approach and make threats and data security everyone’s concern, not just those with a governance or security role.

According to Cisco’s annual cybersecurity report, today’s average large enterprise can face as many as 70,000 security events per week. The WannaCry attack has shown how devastating malware can be, and how quickly an issue can spread to affect the entire world in a matter of hours.

These threats are more than individuals, businesses and governments can tackle alone. The success of the cybercriminals is in part down to the lack of awareness of attack methods and in parallel, how to secure systems. Nevertheless, a key takeaway from the recent attacks has to be that a large number of organisations weren’t affected and managed to rebuff the assault.

Developing a society that is resilient to cyberattacks implies a willingness by all parties to share knowledge and insight about the latest threats to help reduce cybercriminals success rates and minimise the impact on businesses overall. Keeping a watchful eye on threats and warning those around us of danger has served humanity well as a model of protection for millennia.

Ultimately, cybercriminals are an organisations’ biggest competitor and a country’s biggest threat. The threat environment and the legislative environment are changing.

The WannaCry cyber-attack should serve as a stark wake up call for everyone that cybercrime is real and the consequences can be grave. It is possible to be prepared and to repel attacks, nevertheless the financial consequences of a successful breach are soon to get a whole lot more severe.

We have 365 days and counting.

Terry Greer-King is a director of cybersecurity at multinational technology conglomerate Cisco.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in