GDPR and Cyber Security: the Elephant Herd in the Room

GDPR and Cyber Security: the Elephant Herd in the Room

Keith Bedell-Pearce

Chairman at 4D Data Centres

Views 1419

GDPR and Cyber Security: the Elephant Herd in the Room

08.05.2017 02:30 pm

As the UK will still be part of the European Union (EU), General Data Protection Regulation (GDPR) will become UK law in May next year and whether we have hard or soft Brexit, GDPR is likely to remain on the statute books. With this in mind, Keith Bedell-Pearce, chairman of 4D, urges businesses to focus on putting a practical cyber security strategy in place now.

There are two reasons why GDPR is here to stay. The first is that it is the cornerstone of the current Government’s longer term cyber policy. The second is, according to the Information Commissioner’s Office (ICO), “if the UK wants to trade with the single market on equal terms, we would have to prove ‘adequacy’”. This could include a requirement to implement data localisation involving the physical relocation of customer information.

In an age where every business is becoming ever more reliant on the storage and processing of data, businesses need to address data localisation and ensure that their data systems are robust enough to prevent a breach. Organisations need to consider where their cloud provider owns and operates their data centres and whether their data could inadvertently be transferred or stored in locations outside the UK or EU.

Companies have until May 2018 to ensure their data systems are robust enough to prevent a breach or face a hefty fine from the ICO of up to 4% of turnover if they become victims of data loss.

In addition to any fines for data breaches, the commercial cost of loss of confidential information, sales and marketing data or the results of costly and valuable research can be immense. Add to this the reputational damage of adverse publicity, a major data breach could turn out to be the single greatest risk in terms of both cost and probability of occurrence that an organisation faces. Yet in many companies, data breaches barely get a mention in their risk register, if at all, and expertise in cyber security at a board level is still a rarity apart from in technology companies.

The seriousness of cyber risks is further underlined by the assertion in the 8th April 2017 edition of The Economist that “Computers will never be secure... computer security is a contradiction in terms”. The article goes on to say that the scale and complexity of modern software is the root cause of the inherent vulnerability of modern business. The Economist argues that errors are inevitable and these errors create vulnerabilities that can be exploited by hackers. The generally accepted error rate for source code programmers is 10 to 50 per 1,000 lines. The average phone app has a round 14 vulnerabilities and in the Internet of Things (IOT), the vulnerability exposure is such that it is now open season for the hackers with the six billion plus connected devices on the IOT.

So the need to take seriously the threat of a data breach, along with the prospect of hefty fines by the ICO, has never been more important.

How can senior stakeholders ensure that their businesses have the appropriate technical and organisational measures in place to protect its data in all of its forms?

There is a lot that an organisation can do by way of self-help using relatively straightforward and low (or nil) cost measures. Cyber security should be embedded into the very core of any business, no matter the size. This won’t necessarily stop the business from falling prey to a breach but it will at least reduce the chances of a catastrophic data breach with all the resultant reputational damage and financial loss. In addition, the ICO is likely to look more favourably on organisations that can demonstrate that they have at least prepared for such an incident rather than just hope for the best.

A good starting point is the practical advice “10 steps to Cyber Security” provided by the National Cyber Security Centre (NCSC) which is part of GCHQ. The core element is setting up a risk management regime in the same way as you would for legal, regulatory, financial or operational risks. In addition, using the Government's Cyber Essentials scheme gives Cyber Essentials accreditation that allows organisations to advertise that it meets a Government-endorsed standard.    

While the assertion that computer security is a contradiction in terms is unfortunately always likely to hold true, implementing your own cyber security regime now could put in place a vital layer of protection when the reality of the GDPR legislation bites.


4D is a UK based colocation and cloud provider.

Latest blogs

N/A ReliaMax

College Dreams? Here’s How to Get Accepted

Higher education in the United States is not just about getting accepted, it is about where you get accepted. Sure, there are options, there are seemingly endless options - from community colleges to Ivy League schools and everything in between. The Read more »

Bobby Gill GCWealth

Bobby Gill: 3 Ways Fintech is Helping Small Businesses During the Pandemic

Image Source: Pixabay. Back in April, the US oil prices sank to a 20-year low. In the UK, road traffic levels hit a 70-year low. Worldwide, due to lockdown, retail, travel, and restaurant bookings have dropped by 85%. More than 430 million Read more »

Christa Ardley Bitstocks

Bitcoin and blockchain without the b******t

An industry once viewed by the general populace as a haven for criminals and online scammers, and still somewhat marred by fractious in-fighting, Bitcoin and blockchain are gradually casting off their outdated negative reputation; as the focus Read more »

Otabek Nuritdinov Safenetpay

Beyond Payments Services

    Why it really matters for small for medium-sized enterprise (SMEs) to choose the right payments services provider. Strategic planners in the financial services sector often define their business in terms of products that Read more »

Chak Kolli DXC Technology

How Can Insurers Realise the True Value of AI?

As Artificial Intelligence (AI) and digital transformation find their way into every aspect of our daily lives, we are gradually seeing changes taking place in different sectors. Progressively, AI is permeating the insurance value chain and it is Read more »

Related Blogs

Tristan Morgan BT

Cyber security trends for 2020

This has been another busy year in cyber security, with hackers targeting business, governments and major cities across the globe. From a financial services perspective, 2019 witnessed a number of high-profile data breaches, some of the largest to Read more »

Amit Purohit LoginRadius

The Death of Passwords [Infographic]

In the beginning days of the Internet, Users had to remember only few passwords: An email, and a  bank password.But with the rapid development of e-commerce, self-service websites and social media, everyone now has to remember and manage dozens of Read more »

Andre Stoorvogel Rambus

Money20/20 Trends: AI, ‘Everyday Commerce’ and Security

The bright lights of Las Vegas have gone out on Money20/20 for another year. As always, the event brought together the biggest names in payments and provided unprecedented insight into the future of financial services. So, after four days of Read more »

Abdul Naushad PayCommerce

Cyber-security in Cross-Border Payments

As financial institutions make significant investments in cybersecurity technologies and systems, the hacking techniques of those determined to break into those systems and compromise information have become even more sophisticated. From the Read more »

Timo Ahomäki Tieto

WannaCry – What Was Old is New Again

Last Friday, the world saw an outbreak of one of the most extensive malware breaches in a while. This malware, called variously WannaCrypt0r, WannaCry or WCry, managed to infect tens of thousands of computers globally in the matter of hours. While Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel