General Data Protection Regulation
The legal drivers increasing cyber risk complexity
Cyber threats have risen up the agenda for businesses in the last couple of years, propelled by some of the high-profile incidents referenced in earlier chapters. The average cost of a data breach continues to rise, and this number is likely to grow even further as the cyber risk landscape becomes ever more complicated.
Governments around the world are updating and passing new laws to improve the security and resilience of electronic networks, systems and data. One key feature of these new laws is the potential for an increase in penalties and sanctions levied at businesses that fail to adhere to their requirements.
In Europe, the European General Data Protection Regulation (GDPR) seeks to protect citizens' privacy and data security and will significantly increase the burden on businesses holding electronic data.
Key aspects include:
The GDPR will come into effect across European Member States on 25 May 2018. It aims to bring European data protection laws up to date with the modern technological possibilities of the ‘Big Data’ age, harmonise the varied data protection laws across Europe and even bring companies situated outside the EU within the scope of European law in certain circumstances.