[How-to] Prepare for New EU Data Protection Regulations

By Jason Hart, VP Cloud Solutions, SafeNet

If we’ve learned anything from recent events, it’s that we have a growing data security crisis. In the second quarter of 2014 alone, SafeNet’s Breach Level Index revealed that 237 data breaches occurred.

Companies we all know, use and trust with our personal and financial information have been affected, including eBay, Office, Morrison’s and Mumsnet.

With the new EU Data Protection Regulation likely to be approved next year, many companies could be in for a shock if they don’t start preparing.

The new regulation will have major implications for the way data is collected, stored, accessed and secured. Most importantly, it will require an entirely new mindset when it comes to securing customer data.

Companies will be mandated to adopt preventative security measures that lower the risks of data breaches and use security measures that help mitigate their consequences. Organisations with lax security will also be put in the spotlight with the requirement to notify both authorities and affected individuals when a data breach occurs.

Beyond the strict requirements of the regulations, companies need to shift to a new data security mindset. Here are four recommendations for security operations professionals to prepare:

  1. Out with the old, in with the new: Today’s security strategies are dominated by a focus on breach prevention that includes firewalls, antivirus, threat detection and monitoring. But, if history has taught us anything, it’s that walls are eventually breached. The next and last layers of defence need to sit around both the data itself and the individuals who access it, surrounding them with end-to-end encryption, authentication and access controls to protect customer data.
  2. Protect customer data as if it were your own: View the protection of sensitive customer data not as a regulatory mandate, but as a responsibility essential to your company’s success. Being a better steward of customer data is not just good PR, it’s good business sense too.
  3. Be transparent: Tell customers about the security measures your organisation has put in place to protect their data. The largest online companies are being more open about what they’re doing to protect customer data, so it’s important others do the same.
  4. Security is a two-way street: Just as you tell customers what you’re doing to protect them, tell them what they need to do to protect themselves. If a customer experiences identity theft or a data breach while doing business with your company, your brand suffers. A better-educated consumer is a safer consumer of your services.

The proposed regulation may still be a long way from becoming law, but it’s time to start preparing. Companies need to start taking steps to change their security mindset.

Being breached is not a question of “if” but “when”. Traditional approaches to data security do not work anymore, so it’s time to move away from breach prevention, towards a ‘secure breach’ approach.

This means accepting that breaches happen and using best practice data protection to guarantee that data is effectively useless when it falls into unauthorised hands.


