FireEye whitepaper: How the General Data Protection Regulation (GDPR) will impact EMEA businesses
Intelligence-led security firm FireEye has released a whitepaper detailing how the incoming General Data Protection Regulation (GDPR) will impact businesses in Europe, the Middle East and Africa (EMEA).
According to FireEye, organisations should implement measures to effectively control the processing of EU citizens' personal data within the business in a manner that is fair and transparent to the individual, consistent with security best practices, and aligned to the statutory requirements of the legislation. It says that GDPR will change the way EMEA firms do business forever.
Protecting critical business assets is not enough on its own; breaches are inevitable. Being ready and able to respond to an incident is just as important as protecting against threats.
The GDPR financially compels organisations to be prepared for the aftermath of a successful breach; advance planning is not a recommendation but a requirement, the whitepaper states. This follows from the main purpose of the GDPR, which is to reinforce the EU position that privacy is a basic human right. Individual organisations are responsible for ensuring that they understand the law, obtain the necessary consent for their use of personally identifiable information (PII), and enable users to access their PII or demand its deletion.
Building data protection into business processes, products and services is a necessary element of privacy protection but, on its own, insufficient, the paper states. Response readiness assessments and preparation, security programme assessments and the development of clear post-breach communication plans are all legitimate ways to begin the process of achieving or maintaining compliance with GDPR. However, both public and private organisations that retain and use personal data are best served by working closely with their data protection officers to ensure compliance with the GDPR.
Fines for non-compliance may be levied at up to four per cent of annual global group turnover (or €20 million, whichever is higher). Given the magnitude of the potential fines, FireEye advises that organisations take the time not only to assess how they monitor and protect EU citizens' personal data, but also to undertake tabletop exercises that stress-test their ability to comply with and respond to the GDPR's breach notification requirements, which include notifying the supervisory authority within 72 hours of becoming aware of a breach.