General Data Protection Regulation

New laws in the European Union

The cyber threat environment in Europe is evolving rapidly. The growing size, sophistication and severity of attacks mean that traditional security systems can often be overwhelmed or circumvented. Even the most sophisticated cyber security systems are being thwarted, as hackers engineer increasingly innovative attack techniques that often target the weak links such as suppliers and employees.

The General Data Protection Regulation (GDPR) is not just another data security regulation. It is a sweeping piece of European Union (EU) data protection legislation that imposes significant new obligations on how organizations handle personal data, while at the same time harmonizing the rules so that doing business across the EU becomes easier.

Its purpose is to consolidate and simplify rules related to the processing of information about customers, clients and prospects, including the free movement of data across and between organizations. Non-compliance could be a significant threat to an organization’s reputation and bottom line.


How to cope with GDPR's strict breach reporting rules


GDPR Assessment

Business impact of GDPR

There are negative consequences to non-compliance with GDPR requirements. Financially, you can be fined up to €20 million or 4% of your annual worldwide turnover, whichever is greater. Tier Two fines therefore far exceed the current maximum of £500,000 imposed by the UK’s Information Commissioner’s Office.

If data breaches remain at the same level as in 2015, the European regulator could see a near 90-fold increase in fines according to the PCI Security Standards Council (PCI SSC): a staggering £122 billion, based on the maximum fine.

Who does this affect?

Board Members

Rarely do IT-based decisions affect board-level members as much as GDPR will. The financial impact centers around a two-tier fine system:

  • Tier One – Up to €10 million or up to 2% of annual worldwide turnover, whichever is higher.
  • Tier Two – Up to €20 million or up to 4% of annual worldwide turnover, whichever is higher.

CISOs and other executives

‘State-of-the-art’ security is mentioned within the GDPR legislation. Although the term is open to interpretation, CISOs and other executives will want their organizations to take steps to:

  • Undergo response readiness training.
  • Install crisis communication plans.
  • Use technology to minimize breach opportunities.

IT Managers

An estimated 1.5 million cyber security roles are expected to remain vacant by 2020, and the rapidly increasing number of genuine alerts and false positives will only make it more challenging to identify and respond to breaches. Organizations will need to:

  • Hire and retain suitably qualified security experts.
  • Implement strong response processes that include notifying the Data Protection Officer of suspected breaches.
  • Generate detailed reports quickly.

SOC Analysts and other experts

The ever-increasing volume of breach alerts will increase the stress on security professionals. To improve their effectiveness, they will need to:

  • Be better able to identify false positives quickly.
  • Prioritize critical alerts with contextual threat intelligence.
  • Improve workflow processes for increased efficiency.

Related products and services


Response Readiness Assessment

Assess and improve your ability to detect, respond to, and contain advanced attacks.

Mandiant Consulting Services

Discover how consulting services can help you overcome security challenges and better protect your organization.

Security Program Assessment

Improve your security posture by evaluating your information security program.
