Next year should see quite a bit of activity on the security front as customers start to prepare for the GDPR regulations that are due to come into force in May 2018.
Customers are worried about the legislation and regardless of Brexit there is an expectation that British businesses will have to adhere to the EU privacy rules.
KPMG has found that there are real concerns among CEOs in the UK that business will be harmed unless data protection rules align with what is coming out of Europe.
"The worry amongst this cohort of CEOs is understandable. Once GDPR is enforced in May 2018, it will fundamentally alter the way we live, work and interact with technology, organisations and each other," said Mark Thompson, global privacy advisory lead at KPMG.
"Whilst the UK is likely to implement the GDPR, Brexit poses some uncertainty on what GDPR will mean to the UK post-Brexit, it is critical to understand that if the UK is going to continue to trade with the EU this free flow of personal information must be maintained. As such we will need to have an 'adequate privacy ecosystem' in operation in the UK which is aligned to the requirements of the GDPR," he added.
KPMG is advising companies to take some immediate steps (see box) to make sure they are in a position to meet the requirements of GDPR.
Some are already doing that, particularly those in verticals like health and legal, which require strict protection of user data.
Dave Allen, vice president Western Europe, Palo Alto Networks, said that it was expecting next year to be a busy one as customers started to ramp up their investments in data protection.
"2017 is going to be a year of activity. Those partners investing in knowledge in these areas will find that GDPR creates opportunity," he said.
Allen added that, with the legislation also putting pressure on those who process information as well as on the 'controllers', there should be more chances to speak to a wider number of customers in the supply chain.
"Partners will get a chance to talk to companies they had not been talking to in the past. These forces are coming together and that creates an opportunity for us," he said.
KPMG is advising customers to take steps to deal with GDPR now, recommending immediate action on the following:
1. Raise awareness at the board level – the board needs to understand the implications of the GDPR and be bought into the need to make enhancements. This should result in the funding being made available to undertake a privacy improvement programme.
2. Understand current state and set desired state – conduct a gap analysis against the GDPR to understand where your organisation is exposed to risk and determine what the risk appetite is.
3. Plan and implement – create a detailed plan to enable the desired risk appetite to be reached and undertake a privacy improvement programme to deliver against this plan.