GDPR: Some organisations are looking forward to it; for others it's a 'pain in the bum'
Some IT leaders believe GDPR will make their lives easier by forcing their supply chain to tighten up, but others are more concerned about their own organisation's compliance
Some organisations are looking forward to the EU's General Data Protection Regulation, which will introduce stricter security requirements and larger fines for data breaches, whilst others are more fearful of the consequences.
That's one of the conclusions to come out of Computing's recent Cybersecurity Strategy Briefing 'Keeping up with evolving cyber threats', aimed at the financial sector.
Speaking at the event, Kevin Flood, information risk and security consultant for Prudential Assurance, explained that he is looking forward to the regulation, which will come into force in the UK in May 2018 - although some experts have stated that the GDPR is already technically in force.
"I'm looking forward to the GDPR as my main function is supply chain management, and for years I've been messed around by data processors," said Flood. "And now under GDPR they need to care more about the same risks I care about."
Others were less positive, but still accepted that the regulation will help in some ways, for instance in promoting the idea of security to the board.
"GDPR will be a pain in the bum," said Peter Agathangelou, associate director at Hamilton Fraser Insurance. "But like ISO 270001 and other standards, it creates an environment where the boardroom takes security matters more seriously."
Discussing the attitude he sees among his clients, Simon Wilson, account manager at security firm Darktrace, explained how his organisation can help.
"A lot of organisations are scared of GDPR," said Wilson. "The way we approach it is that we can assist with compliance and auditing. We give visibility of threats and your network itself. That enables organisations to be forward facing and understand what they need to do to be compliant," he added.
Having previously described his own optimism around GDPR, Flood added that not everyone in his business is so keen.
"The business is not looking forward to GDPR as much as me, but it will be useful for managing suppliers. These days we're looking for more liability and indemnity clauses in our contracts, so suppliers are finding us tougher in terms of what we're asking for. The challenge now is that every contract needs heavier negotiation. Every contract now is less of a tick box, more about proper risks being weighed against what a supplier provides."
Earlier at the event, Wilson told delegates that security compromise is not entirely preventable, and that most organisations are probably already compromised.