NIS GDPR & Cyber Security Seminar - 19th September 2017
“Can you afford to ignore the next generation of Cyber threats?”
"Why is the new GDPR law keeping Directors awake at night?"
Network Integrity Services present - IT Insights Decoded 2017
Tuesday 19th September 2017 – Hatfield House Riding School,
GDPR or General Data Protection Regulation becomes law on 25th May 2018. If you are not ready then you can expect fines of up to 20m Euros or 4% of your annual turnover.
The fact that Britain will leave the European Union (EU) will make no difference; many countries are tightening up their laws protecting data that identifies their citizens. The transfer of data with third parties, who themselves have to abide by data regulations, will therefore become increasingly important.
Businesses will need to ensure that data relating to any EU citizen is managed within the requirements of European law and their policies. This can be anything which identifies the individual such as a date of birth, email address, telephone number, credit card detail or even an image. Citizens will have the right to ask that their data is removed from a database unless there is a legal reason for the data to be stored.
This means that your business will have to review and potentially change the way it collects, uses, transfers and stores personal data. The regulation will apply to both controllers and processors of information. Whilst a profit-making organisation or charity might control the information, an IT company might be the processor. As an example, an off-site backup could be considered a process.
In the war against cyber threats a company’s weakest link continues to be its employees, and cyber criminals are finding very sophisticated and convincing phishing methods to penetrate a company’s defences. Businesses of any size cannot ignore the consequences of the GDPR. The maximum time to report a data breach to a local Information Commissioner will be 72 hours from when your organisation becomes aware, and in the most serious of cases this could be as little as 24 hours. A company will need to identify how, and at what point in the handling of the data, the breach took place.
One can always take a chance and avoid reporting the breach in the hope that no one will find out. This is where the situation becomes very interesting, because if your Data Officer does not report the loss then a hacker might if his demands are not met! Any individual affected by the loss of data can also report the breach, as can a disgruntled employee, in which case a business can expect to be dealt with more severely.
The landscape for understanding the GDPR continues to evolve, and data encryption is only part of the solution. Businesses need to recognise that the GDPR is not just an IT issue but more about company policy and how it adheres to the principles of the GDPR. Small to medium size businesses continue to believe that GDPR is like the ISO standard or an annual audit; this is just a popular myth. This is LAW and, just like neglecting to wear a seat belt whilst driving, complacency will run the risk of heavy fines.
To learn more about the latest thinking on how best to prepare for this regulation, how anyone can become a cybercriminal within minutes, how to protect your business against cybercrime and the benefits of cyber insurance, register for the NIS Insights 2017 Seminar at The Riding School, Hatfield House, Hatfield. At this seminar you will get the facts first hand from globally recognised IT experts, cyber insurance brokers, and policy implementation and legal specialists in the GDPR.