The European Union takes online security seriously, and its new Directive on the Security of Network and Information Systems (NIS) aims to protect the European online economy from cyber threats, while also seeking to increase cooperation on cyber security amongst member states and organisations within the EU.
The Brexit effect
With Britain leaving the EU, it may be tempting to shrug off any EU legislation brought in. However, remember that withdrawal from the EU will likely not happen for a few years, and British companies and organisations will still be influenced by the EU directive post-Brexit.
The directive comes into effect in May 2018. Whatever the timing of Britain's departure from the EU, the fully implemented NIS directive will have to be complied with until Britain leaves. All organisations therefore need to make sure that they are ready to implement the EU policies.
After Britain leaves the EU, Britain could voluntarily align its cybersecurity policies with those of the EU. Any British organisation processing data for EU residents will remain governed by the EU directive.
Key organisations
The EU directive recognises that there are key areas critical to a country’s infrastructure that need protecting. These include energy, transport, health and finance, and organisations within them have a duty to report any cyber security breaches.
Other important areas include cloud storage, search engines, internet exchanges and ecommerce sites. Companies operating in these areas are also required to cooperate by sharing information on security breaches.
The role of Europe
The EU wants Europe to be regarded as a leading player in the global fight against cybercrime. To achieve this, it wants cybersecurity to be at the heart of European policies and directives.
Cooperation
At the heart of the EU’s approach to cybersecurity is cooperation. The EU wants organisations to share information about cyber threats. Whether Britain is in or out of the EU, all UK-based organisations can still share information that can help everyone identify and combat cyber threats.
Data protection
The EU is concerned about data protection and particularly customer data. All companies will need to comply with strict European data protection guidelines. Though many companies already have robust security systems to protect data, there are three important steps that can be taken to protect data and comply with the guidelines:
• In the past, emphasis has been on protecting data stored in a business’s data centre. With the rise of mobile devices and remote working, strategies need to be implemented to make sure data stored or accessed remotely is protected.
• Many companies use various tools that store and collect data. Consolidating these tools means that there is only one data set to protect.
• Data needs to be automatically tracked, and all data should be identified with customers. In the past, the owner of the data was solely responsible for it. Now, any organisations that process the data are also accountable, including cloud service providers.
Cyber crime is a global phenomenon and does not respect country borders. The EU has done a lot to improve cyber security and its influence will continue to affect Britain and the rest of the world long into the future.