At the end of 2015 the EU agreed on new data privacy laws, comprising both the General Data Protection Regulation (GDPR) and the Data Protection Directive. Together, the new laws will affect how businesses use customer data and how citizens’ data is used in law enforcement, effectively streamlining legislation and moving member states closer towards a digital single market.
Many businesses are already adjusting their IT and data security in anticipation of the new rules coming into effect. For example, companies will no longer be able to give out customer information without the individual’s explicit consent. Such measures are balanced by a concern on the part of legislators to ease the flow of data between European countries with a view to boosting Europe’s digital economy.
At Kensington we’ve been looking at what the GDPR will mean for business and enterprise, concentrating on the question of digital security. For many businesses and IT departments, the main point is the improvement in security that the regulation demands. One recent study, for example, has highlighted the standardization of multi-factor authentication. The authors of the report show that many businesses and organizations are already making use of additional devices for authentication, as when a website sends an authorization request to a user’s smartphone.
Another, potentially more significant, consideration for businesses is the increasing cost of data breaches. Under the new rules, organizations could face hefty financial penalties for failing to comply with data security obligations. This will make IT security a more pressing concern than ever, with enterprises taking every step possible to minimize the risk of breaches and their financial repercussions.
To give a sense of the scale of the fines conceived in the legislation, it has been suggested that they could equate to as much as five per cent of an organization’s annual turnover, although this figure will be reduced where firms can demonstrate mitigating circumstances or that they have taken every possible precaution.
As businesses continue to digest the new regulations, we are likely to see a ratcheting up of security protocols and investment in new technologies. There is also likely to be a fair amount of back-and-forth as businesses seek clarification about what exactly is required under the new regime. In both cases, the outcome will be an increase in the profile of data and digital security.
What’s your take on the EU’s General Data Protection Regulation? How will it affect your business? Let us know your thoughts by commenting below or on LinkedIn.
Image by Purple Slog via Flickr