Standards must be driven by the real world and not by lawyers and policy makers
A new set of standards, along with recognised accreditation, will be necessary if the new General Data Protection Regulation is to be implemented effectively, The Bunker states today. The non-prescriptive nature of the new regulation means that clear standards will be required to bring clarity to the market and to help both cloud providers and end-users undertake due diligence effectively.
The GDPR was formally passed on 14 April this year, as part of the European Commission’s Digital Single Market Strategy. It is designed to better protect citizens’ data and harmonise legislation across the European Union (EU). The GDPR brings an array of new guidelines for organisations in relation to Personally Identifiable Information (PII), and it stipulates the auditable assurance that all companies will need to demonstrate when controlling or processing PII.
Businesses operating within the EU have until 2018 to implement the required changes. However, no standard has yet been put in place that specifies whether the controls organisations have adopted can be deemed appropriate Technical and Organisational Measures (TOMs) for complying with the terms of the GDPR when scrutinised in a court of law.
According to Phil Bindley, CTO of The Bunker: “The wording of the regulation indicates that at some point in the future someone will create a standard that helps organisations understand the requirement in the context of TOMs. It would be ideal if this defines what needs to be done to demonstrate compliance with the standard and provides support accreditation.
“The subsequent issue is then raised of who will actually create this standard. It can’t just be left to policy makers and lawyers. This needs insight into the ‘real world’ of information security practice. It also needs to drive a consistent set of behaviours and promote the culture that change is needed inside organisations to achieve proper security for the right reasons, not just the fear factor.
“If we allow policy makers and lawyers to dictate the terms, then, as information security professionals, we have missed a once-in-a-lifetime opportunity to evangelise the positive benefits of taking the right approach to security.
“The GDPR is certainly a defining moment in the way businesses need to think about data protection. With or without a ‘GDPR Standard’, I am confident that by applying the knowledge, expertise, processes and culture we have created over the past 12 years, The Bunker genuinely helps customers old and new to comply with the terms of the regulations. And we are more than prepared for this,” concludes Bindley.
About The Bunker
The Bunker is a trusted partner for compliant and secure outsourced infrastructure and data storage. With fully owned UK data centres outside the M25 yet within easy reach of London, we provide Managed Hosting, Colocation, and Cloud Infrastructure and Storage to businesses that value the confidentiality, integrity and availability of their applications and data.
At The Bunker, we believe that information security should enable businesses to be more competitive, manage risk, protect their brand and innovate in a controlled manner. We’ve adhered to this philosophy for more than a decade, keeping some of the most demanding businesses compliant, secure and available. Our data centres are former nuclear bunkers upgraded with millions of pounds of investment in networking infrastructure, fire suppression, power and cooling. We are service-led, compliant, and secure by design.