In 2018, the world of security will have something new to worry about. It’s called the General Data Protection Regulation, known more commonly as GDPR.

Although the legislation originates from the EU, almost every major US and UK company will have to comply with its rules. Critically, failure to do so will mean far bigger fines than ever before.

Firstly, it’s going to be a lot easier to fall foul of the guidelines.
Companies no longer simply have to avoid breaches that cause actual or financial damage to consumers; they must avoid any kind of ‘distress’ caused by a breach.
The data included in the scope of the GDPR is far broader than the DPA ever encompassed, and now includes everything from IP addresses to geolocation data.
Furthermore, the GDPR outlines scenarios in which penalties may still be administered even without a breach occurring, if it can be proved that the organization is not taking serious measures to prevent breaches from happening.
Companies will also have less time than before: they are now mandated to disclose a breach within 24-72hrs of it happening.
Clearly, by 2018 it’s going to be a lot harder to ensure your company is compliant.

The cost of compliance

The GDPR almost certainly means an increase in security costs and procedures for most companies, as they appoint new staff to data protection roles and adopt an increasing number of security solutions.
However, the cost of forgoing these new investments is likely to be much, much higher.
The new penalties included in the GDPR are forty times higher than those included in the DPA. The maximum fine is now €20m, or as much as 4% of turnover.
This represents a huge new cost to bear if and when a breach occurs. Crucially, breaches are becoming increasingly common, and have been found at a number of high-profile brands in recent months. Although leaks such as Yahoo and AdultFriendFinder may make the news, a growing volume of smaller-scale breaches are continually surfacing and could spell disaster for many businesses.
TalkTalk, the UK-based telecommunications company, exposed 4% of its customers’ sensitive data in a breach back in October 2015. It received £400,000 in fines, which would likely have been a much higher figure had the GDPR been in effect.
Even more damaging was the reputational hit that the company suffered. TalkTalk underwent huge losses through its subsequent fall in share price, as a direct result of the breach. Two weeks before the breach, which happened on October 21st, the company’s shares were trading at 314p a share. Two weeks after it, the price had plummeted to just 220p per share, a dip of more than a third, wiping £1bn off the organisation’s market value.
One year after the breach, the stock had still not recovered, trading at just over 200p a share. Clearly, the impact of a breach can be significant.

The mobile implications of GDPR

CIOs and other security leaders at major organizations will need to prepare for GDPR sooner rather than later. Three key areas should be considered when planning for the mobile elements of a security audit in line with GDPR.

  • Threats – Know when your organisation is under attack, so that you can meet the GDPR notification deadlines.
  • Vulnerability assessments – Know when your organisation has holes that need to be patched before they are exploited, avoiding extremely expensive incidents.
  • Data leaks – Know which applications and sites are not protecting your employees’ private data.

Ensuring your enterprise is prepared for GDPR will be a complex and detailed project. You can download our white paper on the security implications for GDPR here.
To talk to one of our experts about adopting compliant mobile security practices that keep your business protected and free from risk, request a demo of Wandera today.