The recently unveiled European Union (EU) data protection proposals call for hefty fines, new rules for reporting data breaches, large companies to appoint a data protection officer and several other regulations. Although the legislation has yet to be put into effect, many European enterprises are already planning ahead, making changes to their IT security strategies and policies.
The data protection proposal would enable the EU to fine companies in violation of the laws up to 2 percent of their global annual turnover. Combined with the increasing prevalence of cyberattacks and data breaches, the threat of severe financial punishment has prompted many businesses among EU member states to make continuous compliance an organizational priority.
According to a recent study by Tufin Technologies, 42 percent of network security managers believe the EU proposal has led to heightened risk awareness in their organization. Additionally, 34 percent of respondents said their attitude toward continuous compliance has changed due to the data protection legislation, and 54 percent said automating compliance audits would help reduce the risk of violating the regulations, potentially saving the company from being fined.
"While 29 percent of respondents have partially automated compliance audits, those processes that are not automated run the risk of falling out of compliance the moment after the auditor signs off on the audit," said Shaul Efraim, vice president of marketing and business development for Tufin.
The report said respondents provided vastly different answers regarding best practices in reducing the risk of noncompliance. According to Tufin, some IT security professionals said a strict regulatory compliance strategy that includes a comprehensive data security awareness program would help organizations meet EU compliance standards.
While the proposed legislation may cause headaches for enterprise compliance officers and other IT professionals, the EU and Justice Commissioner Viviane Reding are confident the laws will facilitate stronger data protection standards for government organizations, businesses and consumers.
"Seventeen years ago less than 1 percent of Europeans used the internet," Reding said. "Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds. The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data."
Reding said the presented changes to the existing policy will save businesses around €2.3 billion per year by providing them with a single set of rules and one data protection authority to report to, reducing costs related to paperwork and other compliance expenses. Meanwhile, enterprises will be required to notify authorities about data breaches as quickly as possible – within 24 hours if feasible. Also, companies with more than 250 employees will have to appoint an independent data protection officer.
With the new regulations requiring organizations to report data breaches quickly, and large fines for companies that fail to do so, it is essential for IT decision-makers to consider security solutions capable of detecting and containing advanced threats before a major breach occurs. Some IT security providers offer integrated systems that analyze security events in real time, giving enterprises the ability to reduce costs, detect threats more efficiently and decrease risk. Such solutions can also help organizations meet regulatory compliance standards by encrypting critical data, controlling access and continuously monitoring company networks, systems and endpoints.
The importance of data protection legislation, organizational policies and awareness is at an all-time high, as cyberattacks are more sophisticated and widespread adoption of mobile devices has opened the door for new threats. According to a recent global survey, 86 percent of IT professionals believe their job would be at risk if a data breach occurred, revealing yet another reason enterprises must develop better security and data protection plans.
Security News from SimplySecurity.com by Trend Micro