Whitepaper: Dealing with new EU data-protection regulation


British Telecommunications (BT) has published its newest whitepaper, titled “Dealing with new EU data-protection regulation”, which focuses on the General Data Protection Regulation (GDPR) and its implementation, as well as ways to limit threats to enterprises, organizations, and their data.

The General Data Protection Regulation (GDPR) will come into force next year. It will give EU citizens greater rights over their personal information and put a lot of pressure on enterprises and organizations to ensure the security of such data.

According to the whitepaper, written by Anita Bencsik, Data Security Senior Consultant, and Jose Francisco Pereiro Seco, BT Head of Data Security Europe, organizations will need to embed data protection at every level of their business as well as incorporate it into their processes.

The whitepaper defines a combination of detective, preventative, proactive and reactive security controls which should be used for every process, IT application, or area of infrastructure in order to ensure the protection of privacy.

As the GDPR will introduce stiff penalties and fines for companies, there is a significant need for a full security strategy that will at least minimize the threat and reduce the risk of a serious data-security breach.

The whitepaper suggests that, in order to adapt existing security infrastructure and ensure data is secure, organizations need to:

  • gain a thorough understanding of how data moves around their business (and the associated processes)
  • have a specific workstream dedicated to security review (gap analysis and assessment) within their data-protection programmes
  • address gaps and (where necessary) redesign security architecture
  • implement technical and organizational security controls, including the development of security

In addition, organizations also need to stay ahead of new processes in order to protect data and meet regulatory requirements. Some of the biggest threats to organizations include accidental data leaks, disloyal employees, and cyber-crime.

The so-called “privacy by design and by default” approach is pretty much the cornerstone of the GDPR, which means that organizations need to consider the impact that processing personal data can have on an individual’s privacy, or, more precisely, the privacy of EU citizens.

Implementation of the GDPR will also bring certain technical challenges and the whitepaper outlines some of them, including cloud computing, Big Data, shadow IT, mobility and Internet of Things (IoT).

The whitepaper also talks about managing data security with NIST (the National Institute of Standards and Technology) and the Cybersecurity Framework, which consists of five stages that organizations can use as a methodology.

Digital transformation is obviously the way forward, but recent trends in cloud computing, Big Data, and the Internet of Things have a great impact on data security. The GDPR, coming into force in May 2018, will force enterprises and organizations to have built-in security that will protect data by design and by default.

The whitepaper concludes that compliance with the GDPR will involve a holistic review of risk and be an ongoing effort that will involve the classic trio: people, processes, and technology. While protecting personal data and complying with the rules is quite important, enterprises and organizations need to consider it as protecting customers, brand and the future.

You can download BT’s “Dealing with new EU data-protection regulation” whitepaper over at Bitpipe.com (registration may be required).