GDPR aims to protect all EU citizens from privacy and data breaches in an increasingly data-driven world; the new guidance reflects the fact that it is a vastly different world from the time when the ‘original’ 1995 Data Protection Act was established. If an organisation is found to be in breach, it can be fined up to 4% of annual global turnover or €20 million (whichever is greater). That’s a big stick for any size of organisation and it is motivating many organisations to get their house in order before the deadline. That’s a relatively simple process for some and much more complex for others, particularly where organisations are handling significant amounts of personal data in order to deliver their services. It’s also a complex and less navigable process for organisations that are based outside the EU but handle personal data of EU citizens.
But there’s another very significant implementation date in May 2018; the UK is implementing the EU directive on the security of Networks and Information Systems (known as the NIS Directive) today, 9 May 2018. The EU Directive has been put in place following a string of high-profile cyber-attacks, including the 2017 WannaCry ransomware attack, the 2016 attacks on US water utilities, and the 2015 attack on Ukraine’s electricity network. Network and information systems play a vital role in society, from ensuring the supply of electricity and water, to the provision of healthcare and passenger and freight transport. Interestingly, this week also marks a major milestone for the upgrade programme on London Underground’s sub-surface lines (Metropolitan, Hammersmith & City, Circle and District); the new Hammersmith Service Control Centre (SCC) was commissioned over the Bank Holiday weekend. This project, now known as the Four Lines Modernisation (4LM) project, will allow for full Automatic Train Operation to be enabled on the four lines, delivering a significant capacity boost to London’s rail network, which certainly does play a vital role in society.
Threats continue to evolve rapidly, and these important directives and regulations have been implemented to protect us. It’s an increasingly complex challenge to protect our city infrastructure, services and people against the wide range of threats, both physical and cyber, and these directives and regulations being implemented in May 2018 are important milestones.