The EU could ‘set an example’ by handing out big fines to businesses that fail to comply when new GDPR rules come into force next year.
The General Data Protection Regulation (GDPR) is scheduled for May 2018 and will require businesses to have a clear process for managing data breaches.
They will have to seek consent to store information and offer additional rights to those to whom the data belongs, including the right to be forgotten and portability of data.
Earlier this month, a survey by Calligo found 69 per cent of companies were neglecting to ensure compliance with the GDPR.
Drew Nielsen, chief trust officer with Druva, said that number was worryingly ‘accurate’.
In an exclusive chat with BusinessCloud, the Silicon Valley native warned businesses against being among the first to bear the brunt of the EU’s wrath.
“I’m betting that the EU is going to smack somebody. Really, those first few test cases and fines are going to set a tone.
“I think it’s highly possible [the EU will try to set an example], but I also think if they go down that route, depending on how litigious their target is, that will also take time.
“It depends on what type of message they want to send.”
Companies falling victim to a data breach will face three questions from the Information Commissioner’s Office: did you prevent the breach from happening, what did you do once you found out about it, and what will you do to prevent it from happening again?
Those that breach GDPR can face fines of four per cent of turnover or 20m euros.
Nielsen says the biggest challenge facing businesses is “not being able to know where all their data is”.
He added: “With GDPR, there’s no single technology solution and there’s no single consultancy firm that is going to solve this problem for you.
“This is a fundamental change to how your organisation will operate – technologically and from a process perspective.”
Druva is a cloud-based data protection company that works with the likes of Amazon and Microsoft.
It has more than 4,400 customers worldwide including the likes of KPMG, Deloitte, NASA and Santander.
As chief trust officer, Nielsen helps clients deal with security, privacy, compliance, as well as availability and safety of data.
He said: “It really focusses on communicating the security strategy of an organisation, or a cloud provider like Druva – working with customers so they trust their data is safe and secure.
“As more and more organisations put critical data into the cloud, they want to trust their data is safe, and trust they’re going to have access to it. And they want to trust their overall experience, protecting their information no matter where it is.”
Drew Nielsen’s three tips for companies ahead of GDPR’s introduction are:
- Be able to collect data from all your corporate assets
- Make sure you have a robust security programme in place
- Understand the process impact that it’s going to have on your organisation