WEF and the EC General Data Protection Regulation Updates
This year’s World Economic Forum (WEF) was held in Davos in January, hosting world leaders concentrating on economic issues.
Prior to this annual meeting, a 103-page Global Risk report was produced to identify the major concerns threatening the world’s economies, including climate change, food crises and weapons of mass destruction.
Many industries are going through what is deemed the fourth industrial revolution. The maritime industry is shifting to advanced technologies to help drive smart and intelligent shipping; these provide very exciting and innovative opportunities and are the biggest advance in maritime operations since the advent of the steam engine. Yet these technology advancements do bring major concerns in terms of cyber dependency and cyber risks and threats.
Cyber attacks are increasing and have become a global concern, as many systems and devices that run critical infrastructure and decision making are now connected through the World Wide Web.
Cyber attacks have emerged as the most serious threat to North America. The frequency and volume of threats have increased to such alarming rates that they have become worldwide news, such as the recent data breaches at Target, the Office of Personnel Management, Anthem and Ashley Madison.
Public and private companies have become more vulnerable to cyber attacks as established IT security controls are now failing to protect the current systems. Many companies are not moving quickly enough to new technologies, often because of cost and time constraints. As a result, cyber attacks have been deemed the greatest threat and concern to eight global economies – the USA, Germany, Estonia, Japan, Holland, Switzerland, Singapore and Malaysia.
This means that it is highly important that cyber attacks become an urgent boardroom debate; they are no longer an IT problem, but a whole company problem.
Cyber risks put the regulatory frameworks under pressure as they have to adapt to these new high-frequency and high-risk economic threats. The European Commission has finally agreed the EU Data Protection reform, which consists of two parts: the General Data Protection Regulation and the Data Protection Directive. Each member state will start to formally adopt the new regulation from the beginning of 2016 and then a two-year transition phase will follow.
So what does this new General Data Protection Regulation mean for you and your business?
- Companies that fail to comply with the new regulation could face regular data protection audits, a warning and then a possible fine of up to €20m or 4% of annual worldwide turnover
- Right to Erasure – meaning that a person has the right to request the erasure of personal data
- Data Deletion – meaning that data should not be kept longer than needed and should then be destroyed
- Data Portability – meaning that a request for a copy of personal data should be possible
- Data Breach Notification to the national Supervisory Authority becomes mandatory within 72 hours of discovery, with notification to individuals “without undue delay”
- Joint Liability protection – meaning if you use cloud services you and the provider are jointly liable
- A Data Protection Officer must be appointed by all companies that process data on Europeans, if the company employs more than 250 staff or has revenues above €50m
In light of these regulations, how does your company comply with this today? Do you have plans to hire a Data Protection Officer experienced in Data Security and responsible for dealing with the General Data Protection Regulation? Can you handle the breach notification requirements, have you tested your capabilities, and do you know who to contact if there is an issue? If you fail to comply you may be liable for a €20m fine – do you have cyber insurance that will cover you against these risks?
There are solutions and answers to these issues and questions.
Do you want to learn more about cyber security and cyber risks?
Would you like a cyber risk assessment for your business to show you how prepared you are for these new regulations?
Do you want to get a cyber assessment to improve your ability to defend against these threats?
If you do, then talk to us:
Contact ESC Global Security now to schedule a Cyber Security Assessment and ensure you are knowledgeable and protected against cyber attacks. It could be the first and best step you take to ensure you don’t become another cyber crime statistic.
ESC Global Security executive briefing and cyber overview: limited-time offer
ESC Global Security is offering clients, for a limited time, a Cyber Security professional for a one-day workshop with your executives to provide an overview of the threat landscape, what the cyber risks are and what can be done to prevent them. This workshop is tailored to each client and will help identify urgent and critical gaps.
1 Day workshop – €2,000
* Does not include travel.