According to the European Commission, two billion people are currently connected to the Internet, and this number is expected to increase to three billion very soon. For many entrepreneurs, this trend offers numerous commercial opportunities, but it also presents serious concerns and challenges. The malicious exploitation of security loopholes could have an adverse effect on profitability and brand reputation. Moreover, one of the worst fears of any business owner is the realization that the data stored in their network could be vulnerable to attacks.

The European Union's new General Data Protection Regulation (GPDR) heralds a milestone in data security procedures.

As of May 25, 2018, companies wishing to engage in business with Europe or to establish connections with European clients will have to comply with GDPR as the standard for all EU member countries. As with all other EU regulations, this regulation does not require any individual national legislation to be implemented.

The new regulation prescribes new mandatory responsibilities, places a greater emphasis on client rights and imposes restrictions on international data exchange. The new initiative will lead organizations to rethink the way they handle personal data. Many corporate leaders feel more committed when they face fines and penalties, or when they are concerned about becoming the first example of regulatory disobedience. With fines that can amount to 4% of the turnover or 20 million Euro, companies of any magnitude simply cannot afford data hacks.

From time immemorial, trust has been the very foundation for business transactions between different parties, and when the business transactions are conducted over the Internet, trust is even more important, as in this case the parties never actually meet. In order to protect sensitive data, GDPR demands a risk-based access control, which includes the implementation of security procedures. The exposure of client data will have serious consequences, and any situation of regulatory disobedience will incur heavy fines.

Like any other regulation, GDPR may be regarded as a costly and time-consuming factor. However, it may also be regarded as a business-empowering element, which enables organizations to conduct their business activities in new markets and as a differentiating element, which promotes solid control over data security.

Over time, data become more difficult to monitor and track across the extensive range of devices and behavior patterns of workplace mobile users. The implication is that if companies fail to enhance their security measures accordingly, they will, in fact, jeopardize their data and could find themselves disobeying regulations. It is essential to secure client data that may be accessed through mobile devices in order to prevent a significant crisis. Similarly, companies wishing to store their data in the cloud should be the exclusive owners and remain in full control of said data; they should address the issue of policy management and seek encryption solutions in order to ensure that they would remain the only party capable of opening the relevant files.

As part of the regulation, companies will be required to inform the regulators within 72 hours of the moment they become aware of a hack, regardless of whether the hack had affected their clients and employees or not. The report must be comprehensive and list the hacking mode, the number of datasets exposed, contact details of the executives responsible for the data and the measures the company intends to take in order to address the issue.

Personal information is like a passport. If you submit your passport, you will, in fact hand over your identity. Proper procedures, on the other hand, help instill better on-line habits that contribute to the global digital community. There are those who maintain that more rules and regulations will restrict business operations, but GDPR is an initiative regarded as a positive changer of the game rules. It will provide important parameters for commerce within the EU and would, in fact, protect the essential data of various communities.

Understanding the data and being able to control, analyze, put them in context and monitor their flow are essential for the management of personal and organizational information. Data are being generated at any given moment – and datasets are not static. They are flexible and evolving and move along multiple platforms and sources. Data stored by the organization is an essential element in the lifecycle of commercial intelligence.

The information/data security manager is an essential element within the organization as far as ensuring compliance with GDPR is concerned. Essentially, most companies will have to employ a specialist who would manage the information/data security activity of the business. They should also enter associations with suppliers of application security and cloud solutions so that these suppliers may support the companies' information/data security strategies.

Cybercrime is not restricted to specific regions or a specific type of business – everyone is affected by it, from the business world to private social communities. The supply of goods and services drives the wheels of the economy, while at the same time, unscrupulous hackers prey on our valuable data. Data equal dollars and this is the appropriate time to secure them.

The concept of a standard data security regulation for the European Union is a good idea. The regulation was designed so as to bridge over the existing gaps in the free sectors of digital commerce where we operate. Consequently, innovative solutions and data security services will provide significant assistance for the task of securing the data that reside in the critical applications of the business.

The information/data security market is one of the world's fastest growing sectors. The European Union has already taken the lead in the development of a solid information/data security culture and has implemented significant measures against those who fail to comply. This is the time to put your data in the right place, as otherwise – the GDPR deadline will expose the gaps in the privacy of your digital data. Be prepared. Comply with the regulation and be safe!

***

Shoshi Leibowitz is in charge of the operations of the F5 Networks Company in Israel, Greece and Cyprus