IT staff bearing brunt of EU General Data Protection Regulation planning

Whose problem?

With EU Commissioners this week offering another commitment to conclude long-running negotiations to introduce the General Data Protection Regulation (GDPR) by the end of 2015, IT departments appear to be the ones handed the job of working out how to meet its demands, a FireEye survey has found.

Overall, GDPR readiness seems to be high among large UK, German and French enterprises, with two thirds telling the firm they had put in most or all of the security measures needed to comply with it.

The figures were as encouraging for the EU's high-level Network and Information Security (NIS) Directive, with 39 percent confident they had done everything required to meet its requirements, and 37 percent rating their readiness as at least good.

This contrasts with a November survey that found that half of IT staff in the same three countries weren't even sure what GDPR stood for, although in that example participants were drawn from firms with a wider range of sizes.

More surprisingly, data protection and security legislation that was meant to grab the full attention of management seems in 62 percent of cases to have become the primary responsibility of IT staff, followed by legal department on 36 percent and outside consultants on 34 percent.

There is some ambiguity in how one might interpret this. It could be that management have limited their role to planning oversight or it could be that the sheer complexity of implementation is just beyond non-specialists and so firms are relying on IT staff to make the right calls.

For now, a quarter of respondents said that the biggest challenge to meeting the demands of the GDPR was the investment in new hardware and software required, followed by 18 percent worried about wrangles over data policy.

The impact the GDPR would have on breaches, their reporting and aftermath remains at the forefront of anxieties.

"The new EU security and privacy requirements are incredibly important and will greatly increase the security obligations of European organisations," said FireEye's international government affairs director, Adam Palmer.

"We encourage organisations of all sizes to adopt mitigation measures that will manage risk stemming from zero-day exploits and never-seen-before malware as these attacks constitute a majority of advanced attacks in today's threat environment."

Meanwhile, the GDPR rumbles on through its complex layers of approval, with the Commission and the current Latvian presidency committed to tying up as many loose ends by June.

Exactly when the GDPR will emerge from the discussions among the Justice Council and head for the European Parliament for the last time is still up in the air. Using the annual Data Protection Day as a prompt, Vice-President Andrus Ansip and Commissioner V?ra Jourov issued a statement that at least reiterated the accepted timetable.

"We must conclude the ongoing negotiations on the data protection reform before the end of this year. By the 10th European Data Protection Day, we are confident that we will be able to say that the EU remains the global gold standard in the protection of personal data," they said.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityFireEyeIT Business

More about EUEuropean ParliamentFireEye

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place