Uploaded by symantec, posted 13-Feb-2017.

General Data Protection Regulation

EUROPE’S NEW DATA PRIVACY LAWS – ARE YOU AS READY AS YOU THINK?


THE GDPR – A NEW CHALLENGE FOR THE IT SECURITY PROFESSION

The EU General Data Protection Regulation (GDPR) is one of the most significant developments in data protection policy and regulation for years. The IT security profession is slowly starting to recognise the full extent of the changes to the processing of personal data ahead of the GDPR coming into force in 2018.

Symantec and the research firm Coleman Parks conducted a study into how prepared UK and Ireland organisations are for this wide-ranging legal framework, questioning 260 CISOs from organisations with 1,000 or more employees.


WHAT COULD POSSIBLY GO WRONG?

The research shows that those in charge of IT security in the UK and Ireland believe they are well aware of the wide-ranging impact of the GDPR on their organisations.

The top three issues were data transfers, public awareness and loss of brand reputation after a breach, and disruption of the business.

Top 5 GDPR issues impacting UK and Ireland businesses

1. Data transfers: 43%
2. Public awareness and brand reputation in case of a breach: 38%
3. Business disruption / inability to trade during privacy incidents or investigations: 33%
4. Fines and legal costs of compliance and litigation: 32%
5. Ability to process data for your business model: 31%

Of only slightly less concern were fines and costs (31%), despite the fact that these could range up to 4% of annual turnover or €20 million.


CONFIDENCE AMONG UK AND IRELAND ORGANISATIONS

Despite the scale of change to processes and systems required to comply with the GDPR, 82% of UK and Ireland organisations believe they will be fully prepared for the GDPR within the next five months.

When respondents expect to be prepared for the GDPR (chart legend: Prepared / Likely to be fined):

Fully prepared: 28%
In 1 month: 14%
In 2-5 months: 40%
In 6-12 months: 14%
In 1-2 years: 2%
In 2 years or more: 2%

As part of these preparations, over half (47%) have already appointed a Data Protection Officer (DPO). Also, despite lower IT budgets and skills shortages, 51% of respondents believe they have the full authority and budget to make the changes they need to become more resilient.


GDPR RESPONSIBILITY – WHO’S ON THE HOOK?

GDPR is on the board’s agenda for 59% of organisations. Overall, 38% of boards received compliance reports from others, including the CISO, while for 3% the GDPR was not yet a board issue.

However, when it comes to public announcements following a cyber breach that affects GDPR compliance, the responsibility is shared across a variety of roles such as the CISO (30%), CIO (20%) and DPO (18%).

Top titles responsible for managing the series of announcements in case of a cyber breach

Title               Overall   In large enterprises
CISO                30%       40%
Chief Data Officer  12%       9%
CIO                 20%       15%
CEO                 13%       10%
DPO                 18%       15%
Head of Legal       4%        30%


WHAT ABOUT OUTSOURCING?

Part of the requirements to comply with the GDPR is to have a clear view of how personally identifiable data is handled. It is therefore surprising to see third party process engineering (such as payments processing, credit checking etc.) being the most commonly outsourced aspect of GDPR preparation (56%).

Parts of the GDPR preparation kept in-house vs. outsourced (in-house / outsourced):

Third party process engineering: 44% / 56%
Certification: 59% / 41%
Ongoing compliance: 62% / 38%
Policy creation: 68% / 32%
Preparation: 69% / 31%
Data classification, DPO role and Incident Response services: 58% / 42%, 66% / 34% and 71% / 29% (the chart does not show which of the three has which value)

Perhaps more understandable was the use of external experts for certification (41%), ongoing compliance (38%), and policy creation and preparation (32% and 31%).


ARE YOU FAILING TO PREPARE OR PREPARING TO FAIL?

Given the degree of confidence asserted by CISOs in this study, it is surprising to see how many would currently fail an important security requirement of the new law.

37% are fully equipped to detect, report, remedy and recover from data breaches.
37% are only able to report the breach within the 72-hour notification requirement that applies to notifying regulators under the GDPR.
20% should be able to report the breach, but not within the 72-hour notification requirement that applies to notifying regulators under the GDPR. They are liable to be fined.
4% will improvise as and if the situation presents itself.
1% don’t expect to suffer a data breach at all.

While 37% are fully equipped to detect, report, remedy and recover organisationally from a breach, 37% only feel able to report it within 72 hours. Worst of all, 4% will improvise in a breach situation and 1% are confident they would never suffer a data breach.


FIVE STEPS TO GET READY FOR THE GDPR

Symantec recommends following these steps:

1. Treat GDPR compliance as a board-level issue. Form a governance group under the direction of the CISO, CIO and Data Protection Officer.

2. Understand and map the data you collect and process, directly and via third parties. Devise and test the mechanisms to delete data with confidence.

3. Assess your organisation’s current data retention policies and whether the level of security offered by your systems and procedures gives adequate protection against unauthorised processing and/or data loss.

4. Take a ‘Privacy by Design’ approach to re-engineer processes and policies which involve the processing of personal data, to ensure compliance happens by default.

5. Urgently review your breach notification processes to assess whether your organisation can investigate the extent of any compromise within the 72-hour notification deadline. If not, review your cyber insurance coverage once again, or be ready to pay large fines.

For more insights, click here: http://www.symantec.com/en/uk/data-privacy/


Copyright © 2016 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Symantec EMEA Headquarters, 350 Brook Drive, Green Park, Reading RG2 6UH. Tel: +44 (0)870 243 1080