The Dreaded What Now?

This time of year is great for reading the litany of articles predicting the new year.  I especially love the articles that say we will be hacked more – that is akin to saying that the Patriots will probably win the Superbowl or the Warriors will win the NBA title.  That stated, one such article – 7 cybersecurity predictions – actually brought up a fascinating issue that many U.S. companies are about to face.

The GDPR, or the General Data Protection Regulation, is a new set of EU laws that require all companies in the EU to adhere to strict data protection and privacy rules.  Failure to do so, or worse being compromised because of insufficient protection, will lead to massive fines and even jail time.

U.S. companies should be freaking out…at least those who deal with the EU

Why, You Ask?

The most obvious answer is that the EU regulations extend to any company doing any form of business in the EU.  These laws do not limit the scope to systems in the EU either.  If you are doing business in the EU and your US-based system is compromised, you are liable under these new laws.

But that is not what should really scare US companies.

The reality is that the EU is notorious for doing everything possible to provide competitive advantages to EU countries – often at the expense of US corporations.  Major companies constantly face litigation, fines and other challenges that tend to skew the tables towards EU companies.

The GDPR is a massive new weapon to this end and there is little doubt it will be used to cause all sorts of angst.

What To Do?

Most US companies are not even remotely close to handling these new regulations, they have almost no real ability to protect data and – since most of every enterprise uses wide open connected devices – the biggest threat to our digital economy might be the EU instead of all of those dreaded hackers.

We have talked with a large number of EU companies and their number one goal is to institute a security solution that meets these requirements, provides a clear audit trail and minimizes operational impact.  They admit that nobody has a clue how to proceed and, only now, are people beginning to seriously figure this out.

The trouble is that these problems are not easily remedied and most options fail to provide sufficient help – if there is any help out there at all.

Sure, there are exciting, awesome, amazing new startups (whose name rhymes with Where…) but these large companies don’t want to deal with us newbies…

Unless they have no choice (spoiler alert – they don’t have any choice!)…