EU data law changes are a security channel opportunity

Changes to the EU data protection laws should provide security channel specialists with a chance to provide large amounts of customer support

The prospect of massive fines and obligatory disclosure of data breaches are looming on the horizon as tough EU data protection laws get closer to coming into force.

Under the proposed EU directive firms that suffer a breach will have to inform authorities and customers and could be fined millions if they are found to be negligent.

The fines will be handed out on the basis of how far the firm took "appropriate measures" to protect its data, which should provide a significant opportunity for resellers.

As customers look for help proving they took the right steps and had the best procedures and policies more are likely to turn to the channel to help ease the headaches around that process.

Speaking at a Sophos roundtable in London, James Lyne, global head of research at Sophos, said that the channel could provide customers with a great deal of guidance as the data laws started to get closer to implementation.

"It will be a services play and there will be a lot of work getting the incident reporting [set up] and infrastructure services," he said.

But he warned that there was only so far the channel could go and customers themselves had to improve their approach to data security.

"You can't outsource the responsibility but you can outsource a lot of the hard work," he said.

He added that most of the changes that would be caused by the EU data directive were actually common sense and best practice.

Anthony Merry, director of data protection at Sophos, said that the need for education continued and customers had to be informed about the best way to approach data protection.

Data encryption, better passwords and a greater awareness of the dangers of sharing and losing information were all areas he suggested could be improved in the run up to proposed changes, which he expected to be ratified next year.

The timetable for the introduction of the EU data laws could see the proposal getting closer to becoming law around this time next year. Once ratified there will be a two year grace period for member states to get to to speed with the changes.

Merry said there was an urgency in Brussels around data protection laws that meant that the law could get through slightly quicker than most legislation, which can get bogged down in arguments between member states and delays for years.

Read more on Data Protection Services