Print IT Reseller - Issue 42 - page 29

COMPLIANCE
Creating clarity around achieving GDPR compliance

According to NTT Security, complacency could be the downfall to organisations effectively achieving General Data Protection Regulation (GDPR) compliance

NTT Security, the specialised security company of NTT Group, says that businesses are falling into traps of complacency when it comes to preparing for the upcoming GDPR. Rob Bickmore, Principal Security Consultant at NTT Security, said: “Complacency could well become an organisation's new enemy.”

The company asserts that businesses are still unsure of the actions needed to ensure full compliance ahead of the 25 May 2018 deadline. It warns that some have proactively implemented programmes, yet found that gaps still exist, leaving them vulnerable to fines of up to €20 million or four per cent of annual global turnover – whichever is higher.

The company has launched a comprehensive portfolio of GDPR services in the UK for organisations looking for clarity about their current readiness.
“Businesses know that GDPR is fast approaching, but there is uncertainty as to what specifically is required and where the focus needs to be,” Bickmore said. “Our comprehensive range of GDPR services fills the gaps and translates GDPR into a language that everyone, from the top down, will understand and be able to act upon.”
According to NTT Security, common complacency traps include a number of misconceptions:

• ISO 27001 is enough to cover GDPR. Implementation of controls aligned to this certification is a great start, but they are only part of the bigger picture.
• The same exercise has already been done when planning for PCI DSS. Any controls implemented for PCI DSS will need to be extended to include Personally Identifiable Information (PII), which even then is only part of the GDPR requirements.

• The organisation’s GDPR programme is being handled by the legal or IT team. GDPR compliance is actually everyone’s responsibility. It should not be left to one team – legal, IT, HR and other business functions must all be involved, with visible support from the executive level.

• It is not the organisation’s problem because they have outsourced all data processing to a third party. Processors are indeed liable for protecting PII under the GDPR, but the responsibility is still on the data controller to ensure processors implement ‘technical and organisational measures’ to protect the information.