At a techUK event last week to mark 12 months until GDPR 'goes live', Andrew Rogoyski, VP Cyber Security Services at CGI UK, estimated that the negative impact of a data breach on a company's share price could rise from 1.8 per cent today, to between five and ten per cent under GDPR.
The new GDPR rules place significantly greater responsibilities on organisations over how they handle personal data. Not just that of customers, but employees, contractors, suppliers and contacts.
One interesting challenge for a modern enterprise is 'shadow data' -the increasing quantity of data that lives beyond the reach of traditional IT. If any of your people use third party cloud storage, productivity, calendar or team collaboration apps there will be data out there that is beyond the reach and protection of your IT and compliance operations.
The challenges of unstructured 'shadow' data can appear easy to kick into the long grass. As we said in our last post, the problem is ill-defined, hard to nail down and, besides, most companies are in the same boat.
If you still don't think you have a problem, consider this: most organisations are using 20 times more cloud apps than they think, with enterprises using an average of 928.
In short, not only will you have to comply with the GDPR for all the data held in your enterprise systems, but also for all the unstructured data employees are storing in cloud apps, whether sanctioned by your organisation or not.
The anxiety part? A report last year by Elastica Cloud Threats Lab found that 98 per cent of cloud apps are not GDPR ready. Just two per cent of apps are ready. In fact, one of the few to be ready is Dropbox, who have taken the step of moving its European operations to AWS servers in Germany so that it is compliant for customers in the EU.
One aspect of the new regulation is that data can only be exported outside the EU to countries that have equivalent data protection rules in place - which rules out the US.
And GDPR gives regulators a big stick - fines of up to 4 per cent of global turnover or €20million. With strict new breach reporting stipulations, many see the reputational damage for brands as equally severe.
Organisations will need compliance tools that are capable of taking an enterprise-wide view of apps and the unstructured data they hold, enforcing rules flagging up violations.
At Blink we're creating a new intelligent layer for your cloud apps - a messaging app that becomes a universal interface to work via intelligent bots and micro-apps. Everything in one place.
Your data can be located within the EU (or elsewhere, if you choose) and we have an integrated GDPR dashboard for real-time alerting. We're now expanding our compliance engine to reach all your cloud apps, creating a single enterprise fabric for unstructured data.
Blink makes possible a digital workplace that lets people work they way they want - with instant messaging, bots and team-working - while providing enterprise-level security and compliance. We're a new type of enterprise software company and we'd love to talk to you.
Blink helps you inform, connect and enable everyone in your workforce through it's unique personalised feed. We are not another intranet. Enter your email address on joinblink.com to get started today.