Pat Phillips, practice director at Xceed, said:
“While not an imminent threat, the new EU data regulations will cause quite a stir amongst businesses and IT security professionals. For example, the appointment of a data protection officer will be the least of concerns, although if it’s a cap that cannot be worn by an existing staff member there may be a surge in recruitment for those specialising in compliance.
“The real worries are around those parts of the bill that can directly impact the bottom line. With the threat of a fine of up to five per cent of annual global turnover, CISOs will already be girding themselves for safeguarding the business's profitability alongside its data.
“Ultimately, the changes to the EU regulations are long overdue. Technology, data gathering and data management have moved well beyond what the original act catered for. The consultation period should provide a reprieve, allowing time for most businesses to analyse their systems and procedures in order to begin planning the IT and organisational changes to tighten up security and ensure that processes are in place to effectively manage a breach, should one occur.
“In the UK, the ICO has long been seen as a rather toothless animal when it comes to punishing those who breach the Data Protection Act, particularly as so many instances go unreported. This new European-level regulation is a stark reminder for companies to take data security seriously, or risk the future of their business.”