#TEISS17: The Economist’s Edward Lucas talks GDPR

If companies fall foul of the new European Union General Data Protection Regulation (GDPR), which comes into effect on the 25th May 2018, they could be subject to a fine of up to 4 per cent of global annual turnover, says Edward Lucas, senior editor at The Economist.

Speaking at The European Information Security Summit (TEISS 2017), he says: “It is a great mistake not to take this stuff seriously. If you look at the history of EU enforcement, some of the biggest companies like Microsoft and Gazprom have fallen foul of the laws.”

He says: “Things are going to go wrong, but did you take reasonable precautions? If you have not met a bunch of standards it is going to be serious.”

According to Lucas, many companies do not yet realise they could be affected by the GDPR, as all a company needs to have is 5000 data subjects in the EU to be impacted.

He says: “This could be information on employers, stakeholders, even if a company keeps data on people from a website and they are from the EU. It is very broad scope.”

To prepare themselves against cyber breaches, Lucas advises, firms should firstly do an assessment of the data they hold, looking at why they are holding it and where the risks are.

Secondly, he explains, companies should look towards building a prevention strategy by making sure everything is encrypted and understanding who holds access to the data.

Lastly, he says, firms should have a detection policy in place, which involves having good visibility over the network.