GDPR to bring newer opportunities in the Global security arena

Every organisation relies on the use of information in their daily work. For this reason, organisations need to ensure that their information assets i.e. any piece of data which has value to the organisation such as employee record, analysis reports, financial data, trade secrets, contracts, etc., are suitably protected. This has given rise to the concerns around privacy and personal data protection. Data security of the information will take the center-stage in 2018. Privacy and personal data protection will be the focus in 2018 for every organization.

Organizations will refocus on protecting what is really important. Information Security is a difficult task as most organisations are faced with an ever changing landscape affecting their operations - market development, advances in technology, discovery of new vulnerabilities, changing legal regime and so on. Gartner forecasts worldwide security spending will total USD 96.3 billion, that’s an 8 percent spike from 2017.

Companies are becoming more and more reliant on digitization and the threat landscape is becoming complex. Hackers are launching targeted attacks on different organizations and their users, organizations are gradually realizing the need to add security layers designed for them or by their in-house.

Information Security Risk Management (ISRM) is the specific process that helps those responsible for Information Security to manage the uncertainties which might affect the security of their organisation's information over time and indicates how to best react to these uncertainties within the constraints of their work environment.

As India creates its path to a digital future, an increasing number of governments, consumers and enterprises are spending more on ensuring a robust IT infrastructure for smart cities, smart vehicles, smart systems and digital society. To complement, businesses are increasingly adopting digitization, artificial intelligence, automation, all of which lead to products and services increasingly becoming an amalgam of technology-enabled functions.

A recent Symantec survey covering 1,100 CISOs across 11 global markets revealed that cloud security remained a top concern for Indian CISOs. One of the biggest challenges faced by Indian CISOs was to ensure cloud applications that meet compliance requirements.

To complement, the Supreme Court of India’s ruling in favour of ‘Right to Privacy’ will also influence the security landscape. With this many organizations will start showing significant interest in advanced encryption and key management technologies in order to secure customer data.

The advent of GDPR…

The EU General Data Protection Regulation (GDPR) comes into force as of May 25th, 2018. With the advent of new privacy laws and GDPR regulations, the activity of managing privacy will become one of the core tasks of the CISO. Any company doing business with EU entities will be brought under the new regulation; for example, global companies that maintain a website to solicit sales from potential EU customers will be subject to GDPR requirements.

General Data Protection Regulation (GDPR) of the EU will also have a considerable impact on the multi-nationals and companies serving/doing business with the companies in EU. Frankly, if you haven’t started your preparations to be compliant yet, you are in trouble. Though chasing every company for million-dollar fines isn’t the intent of the regulation, the threat of a bill equal to 4% of global revenue is very real, and one that blatant rule-breakers should be afraid of.

With these new regulations, along with other industries, global hotel businesses will also have approximately ten months to set their data privacy and security policies in line with the strict GDPR compliance or face crippling fines of up to 4% of annual global revenue or €20 million Euros, whichever figure is greater.

It is a fact that no one can be guaranteed data safety in a digital world. Companies need to know less about what happened, and more about what is happening, what is likely to happen, and what needs to be done – the possible scenarios, decisions, and constraints. As the security landscape is evolving cybercriminals are constantly testing defences; hunting for hidden weak spots and new ways to get in. Unless you make resiliency a priority, your data and reputation will remain at risk.

Having said this, it will be wise to say that GDPR is making its advent at just the right time, unless it ends up helping scammers and hackers.