People get ready: GDPR is coming!
28 May 2017
After a year of talking about it, businesses now have just one year to ensure they are compliant with the rulings outlined in the EU General Data Protection Regulation (GDPR), which comes into effect in May 2018. The countdown is truly on.
Heralded as “a major step forward for consumer protection”, the GDPR will place an even greater onus on organisations to safeguard the personal data they hold from cyber-attacks. For example, the new rulings state that organisations will have to implement “appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including […] encryption of personal data.”
Failure to comply will have serious consequences for any business. With fines of up to 4 per cent of an organisation’s annual worldwide revenues, non-compliance could be crippling for a company’s bottom line – and its reputation.
With such devastating repercussions, the C-suite is certainly sitting up to consider how best to tackle the challenges GDPR poses. As such, identifying how best to protect customers’ data, and businesses’ intellectual property, is fast creeping up the boardroom agenda – with a particular focus on implementing encryption strategies.
A boardroom issue
When it comes to matters of encryption, you wouldn’t be alone in thinking they reside solely within the confines of an organisation’s IT team. In fact, over the past decade, we have seen that the IT operations function has consistently been the most influential in framing an organisation’s encryption strategy.
However, the balance of power is starting to shift. According to the Thales 2017 Global Encryption Trends Study from the Ponemon Institute, for the first time, business unit leaders are now at the head of the charge when it comes to encryption strategy, having the highest influence over its implementation. What’s more, the adoption of encryption strategies across global organisations has accelerated considerably over the last 12 years. In fact, just over two in five organisations now have an encryption strategy applied consistently across the enterprise – a huge increase on the 15 per cent we reported back in 2005.
Driving this shift has certainly been the rising number of data breaches hitting the headlines over the past few years, but so too have the changing regulations around data protection. In fact, compliance with privacy and data security requirements is the main driver for the majority of global organisations to deploy extensive encryption use within their company.
This is just the start…
Yet while it’s encouraging to see encryption usage is on the rise, there is still a lot of work to be done.
Today, a worrying 84 per cent of UK organisations say they still feel vulnerable to data threats, according to the recently released European edition of the Thales Data Threat Report, with one in five reporting that they feel “very” or “extremely” vulnerable. What’s more, despite an increase in IT security spending, the number of data breaches continues to rise.
Perhaps this can be attributed to the fact that businesses continue to invest in traditional security measures to protect their sensitive data. In fact, we recently found that nearly half of UK organisations plan to increase network IT security spending, and there is a strong belief among many that network security is “very” or “extremely” effective at protecting data from breaches.
The problem with traditional, network IT security solutions, however, is that data no longer resides within the traditional “walls” of an organisation. Today, more and more organisations use sensitive data in an advanced technology environment – such as in the cloud and on connected devices – and consequently, network security solutions become increasingly redundant in stopping modern breaches.
Cyber-security strategies need to reflect what is going on in the real world. In today’s increasingly complex threat landscape, robust IT security strategies, such as encryption, must be in place to protect data in all its forms, wherever it is created, shared or stored. The consequences of failing to properly protect valuable customer data, come May 2018, are not worth considering. The GDPR is coming and your business needs to be ready.
Cindy Provin is chief strategy officer at Thales