EU demands more IT visibility
The European Commission has issued a new version of its Data Protection Directive which requires mandatory data breach notifications.
The new ruling applies to public and private sector organisations, requiring them to report any breaches to relevant supervisory authorities, such as the Information Commissioner's Office in the UK, as well as inform any seriously affected individuals – all within 24 hours.
Organisations that fail to alert on a personal data breach, or to notify the supervisory authority of it, in a timely or complete fashion will face fines of up to 2 percent of their current revenues. The legislation will take effect two years after it has been adopted.
Ross Brewer, vice president and managing director for international markets, LogRhythm, commented: "This new law makes it essential for organisations to improve the use of the data generated by their IT systems, in order for any aberrant activity to be more quickly and effectively identified. Unfortunately, all too often this information is managed in an inefficient and disparate manner. This can lead to inaccurate data breach notifications being issued, as many organisations are unable to accurately identify exactly what the breach entailed."
Varonis Systems has welcomed news that a common set of privacy standards is to be applied to organisations across the entire European Union for the first time, as well as a gameplan that includes immediate notification of breaches and other 'data misplacements'.
David Gibson, the firm's director of strategy, said the introduction of a single set of privacy standards for all EU territories is long overdue, although he notes that the migration to the new rules may be a complex process for some multinationals and for firms that are pushing into new countries for the first time.






















