LONDON—European organizations—and the companies insuring them—have a 2-year warning, as new cyber-risk regulations are sure to change the landscape.
“This is a wakeup call,” Michael Bruemmer, vice president of Experian’s Data Breach Resolution Group, said at Advisen’s Cyber Risk Insights Conference here. “This is a game-changer in the EU, in my estimation.”
The exact details of the General Data Protection Regulation (GDPR) remain uncertain, but it did gain political agreement late last year—a significant accomplishment considering the number of states to which it applies.
The regulation from the European Commission looks to strengthen data protection for individuals in the European Union, and imposes new obligations on data transfers, consent and what has come to be known as “the right to be forgotten.”
The text remains unpublished but it is expected to gain formal adoption in April, according to Raluca Boroianu-Omura, manager of conduct regulation at the Association of British Insurers.
Provisions within the regulation will take effect after a 2-year transition period.
Organizations “need to be serious about what kind of confidential information is stored, where it is and who has it,” said Laurent Heslault, chief security strategist for Symantec. The time between the regulation’s final adoption and its active use should be spent wisely, he added.
This story is an excerpt of the original. The content originally appeared in Cyber Front Page News.