Setfords cyber law expert Dean Armstrong QC says a recent security conference has revealed that with just six months to go until new data regulations come into force, there remains within many businesses a worrying lack of understanding about the changes.
Dean’s warning about the General Data Protection Regulation (GDPR) comes after speaking to dozens of delegates at the UK Security Expo 2017. He was there to advise businesses on what steps they must take to make their data secure. Dean says greater education of staff is key to ensuring companies avoid potentially crippling fines for breaching the new regulation.
In his own talk, ‘The five myths of GDPR’, Dean referenced recent cases of inadequate data protection provisions from Uber and Google. You can read about these myths in Dean’s blog for the show.
What we learnt from the show
Speaking to business leaders throughout last week’s show, Dean gained insight into the challenges and misunderstandings surrounding GDPR. He shared his thoughts:
1) There are still massive misunderstandings
“With just six months to go before the new regulation takes effect, delegates across the board, from IT leaders to compliance and security colleagues, were still unclear as to how the regulation will affect their businesses – and their role within the organisations’ plans to deal with it. During these discussions it became clear that CEOs need to take definitive steps to ensure that their organisations are educated and focused. Each and every person plays a role in ensuring compliance with GDPR and leaders should seriously consider programmes of organisation-wide communications and training – quickly. However, this can only happen if CEOs themselves have a thorough understanding of the issues.”
2) There is a startling lack of collaboration
“Misunderstandings are clearly being compounded by a lack of collaboration across departments. For example, I spoke to an IT leader from a major telecoms provider who said his team was not involved in GDPR-readiness. A Security Manager from a local authority said a cyber task-force he was involved with had not even touched on GDPR; this was being handled separately. GDPR is not an issue for one department. Readiness will require an organisation-wide approach.”
3) There is an appetite to act
“There is good news too though. Through events like this, organisations are finally taking the issue seriously. With growing debate on the best ways to combat data-protection challenges, business leaders are being forced to take their heads out of the sand and apply the debate to their own organisations. As an independent expert in the area, it’s clear that there is still fear and confusion over data protection. However, if you are hungry to act on the issue, the tools are there. Bring the right ingredients into the mix – knowledge, expertise, collaboration, preparation, and you have a winning recipe to ensure your organisation is well stocked to deal with the new world of GDPR.”
Dean has written a checklist to help organisations consider what steps they need to take towards data-protection readiness, and is available to offer advice to organisations on the challenges they face.