Election brings GDPR into spotlight again

eu gdpr brexit

UK Prime Minister Theresa May’s decision to call an election for June 8 has brought issues which concern tech companies back into the spotlight — and very few are as pressing as the General Data Protection Regulation, or GDPR.

GDPR is the European Union’s new framework for the management of user’s data and because the UK had voted to leave the EU it was thought that it would no longer apply.

The UK government had made it clear, however, that the UK would mirror the requirements in GDPR, so it would in fact still be relevant.

And now that there is a slim chance that the UK might vote for politicians who want to remain in the EU, or at least, take a slower course for departure, GDPR is that much more important to learn and abide by.

Among the requirements of GDPR is that companies which have suffered a data breach must inform the authorities what has happened within 72 hours and remediate the situation forthwith.

And there are many cyber security companies which are offering ways for companies to minimise collateral damage through the protection of business data and quick investigations.

Among them is Savvius, a network performance and management firm, which says the GDPR’s requirement to report a data breach to the authorities within 72 hours of a data breach is going to be a “serious challenge” for any CISO.

Most companies don’t even know they have been breached, and security breaches take place many days prior to when they are discovered.

Companies will need to speedily identify breaches or face fines of up to €20 million or 4 per cent of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs.

For other breaches, the authorities could impose fines on companies of up to €10 million or 2 per cent of global annual turnover, whichever is greater.

Savvius has a product called Vigil that is a dedicated network forensics appliance that was purpose built for efficient security investigations.

Savvius Vigil automates the collection of network traffic needed for security investigations into both alerts, reducing the likelihood of a breach, and into breaches, minimizing their impact. Even breaches not discovered for months can be effectively investigated using Vigil.

Savvius says Vigil has a couple of differentiators over the other players on the market, it is a turn key plug-n-play solution which is pre-qualified by major security IDS, IPS, NGFW, and SIEM vendors.

Election brings GDPR into spotlight again Click To Tweet

It adds that Vigil is the only solution that provides before, during and after incident visibility to investigators looking into the forensics of breaches.

Riaz Khan, Director, UKI & EMEA Sales, Savvius, says: “One of the main issues concerning data governance at the moment is compliance of the set of processes and procedures. GDPR replaces the data protections directive and comes with its own rules.

“The aim is to protect all personal data for EU Citizens and the UK will still be part of the EU and hence are not exempt. The amount of data stored, storage period, and who looks at the data is important and needs to be protected.

“GDPR will force enterprises to look at the data they have stored to make sure that duplicated data is deleted and that access control is maintained on the data that is kept. This is where doing a ‘gap’ study for want of a better word, auditing the stored data will be important.

“Identifying where the data is stored is important to make sure it is protected. To protect the data, there has to be policy enforcement. In a way, data stored in an enterprise is an asset to doing business and strategies are built around how to protect that data which in turn drives the business to create policies and procedures.

“In order to comply with the GDPR privacy regulation data breaches will need to be reported to the supervisory authority within 72 hours after becoming aware of the breach.”