GDPR and the Information Security Landscape

Written by Conor McHugh

In the last few years, Information Security has moved to the forefront of businesses’ priorities as large institutions’ reliance on technology has grown. There has been a significant increase in the demand for Information Security professionals in the Irish market. A large part of this increased interest stems from the introduction of new EU General Data Protection Regulations (GDPR) which has tightened the data protection policies for companies.

With these GDPR guidelines in place, the financial risk a company takes in not complying more responsibility with data protection and security frameworks, has grown exponentially. Firms are now liable to pay up to €20million in fines or 4% of the company’s global turnover.

Between this and the daily threats carried with hacking, businesses will rely more and more on a cohesive and highly skilled Information Security team. From my experience of recruiting in the security sector, one of the biggest challenges an IS professional will face is getting members of the business on board and engaged with new security policies. The ability to embrace change and stay engaged with how the market evolves has always been the key to a successful company. This is particularly pertinent, now, for companies who hold large amounts of personal data from its customers, the need to embrace changes related to data protection and information security is absolutely imperative.

The demand for a strong security presence is coming from the customer side as well with companies such as (Talk Talk) having received large criticism and a record fine for their data breach, the company continues to try and recover from the fallout with customer loyalty and trust having spiralled.

The Security landscape

GDPR has changed the landscape of Information Security within Europe and the big challenge faced by companies is hiring the right personnel within Data Protection and Information Security who can blend with the rest of the business and implement strict frameworks to comply with the new regulations. The potential fines that come with data breaches under the GDPR would be a critical loss for any business and this will only make threats such as ransomware all the more dangerous as it continues to become a more sophisticated form of cyber-attack.

The pressure to embrace change and make cyber security a major point of emphasis is now very present and the companies who recognise how commercially viable a strong Information Security team is will be sure to prosper while others are left behind.

Conor McHugh
Consultant, Technology Sector
T: 01 874 6770