Thales Blog

Meeting GDPR Compliance With A Year To Go

May 19, 2017

There’s now less than a year until the EU General Data Protection Regulation (GDPR) comes into effect.

Designed to harmonise data privacy laws across Europe and increase the protection of data privacy for EU citizens, the GDPR has been heralded as a major step forward for consumer protection, and is set to have a significant effect not only on companies within the EU, but also on those exporting data to countries outside the European Union.

The GDPR places a greater obligation on businesses to protect the personal information they hold from cyber-attacks, with penalties for leaking customer data larger than ever before.

For example, the new rulings state that organisations will have to implement “appropriate, technical and organisational measures to ensure a level of security appropriate to the risk, including […] encryption of personal data.”

Businesses that fail to comply with the new regulation could find themselves facing potential fines of up to €20 million or 4 percent of their annual worldwide turnover.

Compliance driving encryption

It’s perhaps little surprise that our most recent Global Encryption Trends Report revealed compliance to be the biggest driver among businesses for their encryption strategies, with 55 percent of respondents identifying compliance with privacy and data security requirements as the main reason for extensive encryption use within their company.

And once the GDPR comes into effect next May, we can be certain that more and more companies will consider how they can best deploy encryption to ensure they are compliant. After all, the consequences for failing to do so – namely the eye-watering fines – are something no business leader wants to face.

Indeed, such considerations have led to data privacy regulation becoming a top-table issue for all businesses. For the first time in its 12-year history, our study revealed that business unit leaders, rather than IT operations, now have the highest influence over their organisations’ encryption strategy.

Misconceptions around Brexit

Worryingly, I read recently that more than two fifths (44%) of businesses didn’t think the regulations would apply to UK businesses following the triggering of Article 50 by the Government at the end of March, and that a quarter of businesses have actually cancelled their preparations for the GDPR due to this misapprehension!

While it may be true that Brexit has created some degree of uncertainty among the business community, the GDPR will still apply for all businesses operating in the EU, despite the UK’s decision to leave. Importantly, it’s also worth remembering that the GDPR will be implemented on May 4th, 2018, well before the UK’s “divorce” from the European Union has been finalised.

It’s not too late…

With less than a year to go until the GDPR is in place, and these much talked about penalties becoming a painful reality, it’s important that businesses take steps now to ensure that they’ll be fully compliant.

According to our study, just over two in five (41%) organisations have an encryption strategy applied consistently across the enterprise. Given the importance that the GDPR places on protecting customer data, this is certainly encouraging.

More businesses will need to follow suit between now and May 2018, but there is still time…