Firms can’t afford to overlook changes in data protection laws
The European Union’s General Data Protection Regulation was adopted in Strasbourg earlier this month, following four years of weighty negotiations.
Legislators had argued that the previous directive needed to be replaced as a matter of urgency, having been introduced in 1995.
With the internet still in its infancy at the time, there was recognition that a new legal framework – which took account of social media, smartphones and other technological advances – should be a priority.
Newspaper reporting has to some extent focused on what the new rules will mean for individuals, particularly in relation to the “right to be forgotten.”
However, the directive also imposed new obligations on companies, with more stringent penalties for those firms that fail to comply.
Andrew Rogoyski, a cyber security expert, told The Independent that businesses needed to be sure that they were aware of the changes, not least because breaches could do major harm to consumer confidence.
“The first mistake that organisations made is to assume this is just an IT issue, it’s not. It is a very significant business risk and needs to be dealt with at senior leadership level,” he said.