One of the security obstacles we named as top priority for 2015 was the upcoming EU General Data Protection Regulation, slated to come into force in 2017. Although some time away, the extensive requirements require planning in order to ensure compliance come 2017; in a recent webinar, we addressed how you can prepare now for the compliance landscape of tomorrow.
While we still advocate for current action to prepare for the EU General Data Protection Regulation (GDPR), it appears that there have been some delays in the regulation. As discussed on the Cordery Compliance blog by Jonathan Armstrong, and in a new TechLaw10 podcast, there has been a recent lack of progress on the new Regulation and with these delays comes uncertainty. And uncertainty is not good for business.
David Smith, Deputy Commissioner and Director of Data Protection at the ICO, recently went on record noting that the proposed data protection regulation is “not that close” to being a reality. Right now, it appears that many of the details still need to be hashed out and agreed upon, which means many important nuances of data protection regulation have yet to be decided upon. It is still hoped that everything can be agreed upon by the end of 2015. Maybe.
"But then there’s a lot to be settled in the trilogue and everything’s gone much more slowly than the optimists have predicted up to now,” notes David Smith. “Agreement in the first half of 2016 might be a more realistic prospect.” With two years for implementation, that could push the program start date into 2018.
As Jonathan Armstrong notes in his post, these delays are having their impact on organizations. "Some businesses have grown tired of hearing about the new proposals and are doing nothing,” notes Jonathan Armstrong. With businesses playing the “waiting game,” there will be more of a rush to meet compliance requirements in the final push for implementation. This level of inaction could also result in unnecessary data breaches.
Rather than wait for new regulations, organizations can proactively improve their security now. This security, whether required by law or not, can help prevent costly data breaches over the next 2-3 years. Contact us to learn how Absolute Software can help your organization navigate the choppy regulatory landscape and to mitigate the ever-increasing data security risks.
Jonathan Armstrong is a UK technology and compliance lawyer at Cordery and is data regulation advisor here at Absolute Software.