At a recent technology fair, I felt worried. I was taken aback by the lack of urgency in the IT community towards network security and making sure their networks were GDPR (General Data Protection Regulation) compliant – time is nearly up!
I joked that they were lucky to have the time to visit the fair while the clock was ticking towards the GDPR deadline. “Yes, I heard about it and will have a look at it after the Easter break,” was the common response. I could not believe it! ‘I will have a look at it?’ Are you serious!?!
In 2017, ransomware hit many companies hard. It was the year of several huge outbreaks damaging not only wallets, but also the reputation and productivity of many companies. The threat of malware to business and individuals’ data seriously hit the headlines, even in the yellow press. I thought this may have kick-started some sort of urgency in the IT community in taking their data security and GDPR compliance seriously… obviously I was wrong.
GDPR Rules
GDPR rules will have a significant impact on every company throughout Europe and indeed the world. Non-compliance is not an option. If you have a data breach and were not compliant, it will not only be expensive, but it will cost you your reputation and, in extreme cases, your existence! In most EU countries, privacy laws have been in place for a long time, but GDPR is different. This EU regulation could result in maximum fines of €20 million or 4% of annual worldwide turnover – whichever is higher – in the case of a violation. Serious stuff for any business!
To add to this, it comes into effect sooner than some people might think - on May 25, 2018!
GDPR: Time is up
For those of you who are sure you are compliant – good on you! (If you are unsure, we have a quick security audit you can do.) But to all those who said ‘I will have a look at it after Easter’, you had better get a move on. IT security is an essential part of the GDPR, and it is easy to make your network, or those of your customers, protected against threats and compliant.
Some parts of the regulation, like assigning a so-called “Data protection officer (Art. 33)”, have to do with the wider organization. However, the security part can easily be solved by adding the full UTM service to the networks you maintain – you can see what this means in our GDPR technical guide.
The essential part for network security is Article 32, which states that there is “a requirement for a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing”.
How to protect your network and data
Applying the four UTM services – Anti-Virus, Anti-Spam, Content Filtering, Intrusion Detection and Prevention (IDP) – can build layers of defense that help to keep out malware and spyware and avoid breaches which could compromise your customer data – a big GDPR no-no.
Zyxel is well positioned to support you. The ZyWALL USG devices have a 1-year bundle of Anti-Virus, Intrusion Detection, Anti-Spam and Content Filtering as standard. This not only ensures GDPR compliance – you have adequate data protection in place – but you are also protected against malware attacks – the benefits of which go without saying.
Coming back to the customers at this technology fair: it was clear many did not really understand the urgency. Many took action quickly after learning about the need for action, but there are still many businesses out there not protected and not GDPR compliant. Even if GDPR wasn’t coming in, every company, whatever their size, should have robust network protection. GDPR just reinforces this and puts a further responsibility on the business to protect consumer data – a good thing, I think.
The clock on GDPR compliance is indeed ticking, but if you take action now, there is no reason to worry.
Therefore, IT community, if you are planning to sort out your GDPR compliance, I would suggest you take action now. Here are some good starting points:
- Watch my webinar on GDPR so you understand what it is and figure out what it means for you – watch here.
- Read our solution guide to find what options there are to protect your network, or if you are more technical, we have a guide for you too – read here.
- Try our security audit to see if your existing network is adequately protected – start audit here.
- Finally, take action now. Waiting will not make the issue go away.
I really hope that history does not repeat itself. In 2017 many companies paid dearly for ignoring the threats of ransomware and malware. GDPR will make sure businesses take data security more seriously – a good thing all round! There is no excuse not to be ready or not to be protecting your networks! The clock is ticking!