GDPR Workshops

The GDPR (General Data Protection Regulation) marks the biggest change in data protection law for 20 years. This includes: fewer data protection principles; the right to be forgotten; a new obligation to report data breaches; and an increase in fines of up to 4% of global turnover or 20 million euros (whichever is the greater) […]

EU Data Protection Regulation

David Smith is the UK’s Deputy Information Commissioner. As well as providing Data Protection leadership across the ICO, he has direct responsibility for oversight of its Strategic Liaison Division which develops and manages the ICO’s relations with its key stakeholders. You may have seen my recent blog offering an update on progress on EU data protection regulation […]

No legal certainty for SMEs with Data Protection Reform

The proposed General Data Protection Regulation (GDPR) continues to cause controversy, despite the political agreement reached this week on a compromise text in the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE). Despite over 4,000 tabled amendments made to date, the GDPR won’t provide a single framework for Data Protection in Europe. This will […]

Consultation Response – EU Network and Information Security Directive

E RADAR has submitted its response to the UK Government’s consultation on the proposed EU Directive on Network and Information Security. Online business is global business. The revolution of digital technologies has changed society and our economy fundamentally. The ease of accessibility and searchability of information contained in computer systems, combined with the practically unlimited […]

Working with business and governments to ensure our online systems stay secure

I have long been convinced about the many benefits of new digital services – and remain so. These are tools we all can enjoy and benefit from – more convenient, more efficient and offering a huge boost to our economy and society.

But recent allegations remind us how important privacy is. People will only use those services as much as they trust them. Trust that they or their data won’t be compromised, hacked into or spied on. Particularly if they’re sharing personal or sensitive information online.

To ensure that trust, we need networks and systems that are secure and resilient; and that calls for proper cybersecurity practice everywhere.

The fact is, too often, big ICT users like businesses or governments underestimate the risks they face. They need to not just become more aware of those risks – but to manage them. This has become truly urgent. Every week, we seem to hear about new incidents: loss of passwords, attacks on banks, hacking of websites or systems.

Technology is rapidly evolving; so are threats. A lot of businesses seem to think just using basic ICT security tools is enough – but in general it isn’t. Proper risk management practice means things like dynamically assessing and mitigating risks. It also helps to exchange information on threats and vulnerabilities – and perhaps, if there is actually an incident, to respond together. Those processes and practices need to be well-thought-through and fully embedded, not an afterthought or box-ticking exercise.

But how do we identify and embed such good practices, across the ICT value chain? We call in the experts. Our Cybersecurity Strategy, published in February, calls for a platform bringing together public and private stakeholders to do exactly that – and to ensure the kind of market where secure ICT solutions can be developed and taken up. And that platform had its first meeting just yesterday.

Featuring top experts from a range of organisations—from national governments to ICT companies; banks to service providers—the Platform is looking at exactly these areas: like how to provide incentives to manage and measure risks; how to exchange information about risks and incidents; and input to the Research and Innovation agenda.

They have my full support. Their findings will help ICT users prepare and work together better; and they will feed into Commission Recommendations on cybersecurity due in 2014, in areas from risk management to incident reporting. Ultimately, they will build a digital Europe that is more cyber-resilient, and less prone to hacking and security breaches.

And of course, this is in parallel with legislative work we are doing on the proposed Directive on Network and Information Security: ensuring that critical infrastructure and Internet enablers stay cybersecure. So I will be working closely with the European Parliament and Council to ensure this proposal is agreed as a matter of urgency; these days, protecting our networks and systems should be every politician’s top priority.

This matters. As more and more people – and more and more core economic sectors – get connected and start relying on digital systems, ensuring security is no longer just an issue for telecoms providers: it’s also something that matters to governments, banks, transport companies, energy grids, health providers and more.

So I hope that this platform gets to work straight away – I’m confident that soon it can raise the bar and raise awareness about the cybersecurity risks businesses and governments face – and help stimulate the solutions, too.