Unless you've been living under a rock for the past year, you're probably aware that the EU's new data protection regulations - also known as GDPR - are shortly going to come into force. GDPR holds organisations to strict standards regarding customer data, with harsh penalties for negligence and abuse.
It's a major issue for European businesses, and it seems like absolutely everyone is talking about it. In fact, along with the Brexit negotiations, GDPR is one of the biggest causes of uncertainty for businesses.
General Data Protection Regulation (GDPR) GDPR for small businesses: What it means for you The IT Pro view: Data protection and GDPR
As the senior vice president and EMEA general manger for a cloud storage and content management company, GDPR is understandably high on the list of priorities for Box's David Benjamin. "I personally feel that this is going to be a pretty defining moment in the industry," he told IT Pro. "It's going to be one of those 'inflection points', to use a Silicon Valley term."
One of the most significant parts of the legislation is the penalties for non-compliance. According to the law, if companies aren't abiding by the principles of the GDPR, they will be liable for up to 20 million or 4% of their global annual turnover - whichever is higher.
Despite these eye-wateringly steep fines, Benjamin says that companies are still failing to take GDPR seriously. "Customers I speak to are very aware of the impending May 2018 deadline," he said. "I don't sense, however, there is yet the movement within organisations to - and I hate using the expression - but to become GDPR-compliant. There's still an element of 'wait and see'."
This is reflected by a veritable avalanche of studies showing that companies are still unprepared for the regulations, including a new survey conducted by IT services firm Bluesource which showed that 80% of organisations will face "major challenges" for compliance when they come into effect.
US firms in particular may be caught by surprise, Benjamin said. He pointed to the Equifax breach, which has just been revealed to have affected nearly 700,000 UK citizens. "If that had happened post-May 2018, they would have been subject to a $60 million-plus fine," he said.
"It certainly hasn't filtered through to organisations that sit in the US, and don't necessarily realise that GDPR extends to all European citizens, whether they are captured in a US platform or a US-headquartered organisation or not."
The biggest problem that organisations are having with GDPR compliance, according to Benjamin, is that the regulations are vaguely-worded in a lot of places. While some elements of the rules - such as the need to appoint a data protection officer and notify users of a breach within a given time frame - are clearly laid out, many aspects have a lot of room for interpretation.
-
OpenAI just launched 'Codex', a new AI agent for software engineeringNews OpenAI has unveiled the launch of a new AI agent, dubbed 'Codex', aimed specifically at supporting software engineering tasks.
-
Acer's new Swift Edge 14 AI is a MacBook Air killerNews Acer's new Swift Edge 14 AI is an ultra-lightweight, compact productivity powerhouse.
-
Data sovereignty a growing priority for UK enterprisesNews Many firms view data sovereignty as simply a compliance issue
-
Elevating compliance standards for MSPs in 2025Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
-
How ready is your company for NIS2?Supported Content The EU’s latest cybersecurity legislation raises the stakes for enterprises and IT leaders - and ensuring compliance can be a daunting task
-
Forcing Apple to allow alternative app stores might cause major security risksAnalysis Apple will be forced to allow third-party marketplaces on its devices, but some experts have raised serious security concerns
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
Conquering technology risk in bankingWhitepaper Five ways leaders can transform technology risk into advantage
-
Advancing your risk management maturityWhitepaper A roadmap to effective governance and increase resilience
