GDPR: the number one CISO topic 2017

The Privacy and Data Protection Officers Summit 2017 in London is over, and eperi looks back at a very intense and successful two-day conference.

“The attendees were predominately risk and compliance officers who are naturally very well versed on the upcoming GDPR regulations. We were therefore very pleased to be invited to attend such an event,” said Pather, Senior Vice President at eperi. In addition to the legal compliance drivers, many companies acknowledged that the GDPR fines were a significant factor in fully implementing GDPR best practices across their enterprise.

According to an analysis by NCC Group, fines from the Information Commissioner’s Office (ICO) against UK companies last year would have been £69m rather than £880,500 if the pending General Data Protection Regulation (GDPR) had been applied. TalkTalk’s 2016 fine of £400,000 for security failings that allowed hackers to access customer data would rocket to £59m under GDPR. Another example, Pharmacy2U’s £130,000 fine, would balloon to £4.4m – a significant proportion of its revenues and potentially enough to put it out of business.

Many of the delegates we spoke to acknowledged the additional complexity of dealing with GDPR regulations when sharing Personally Identifiable Information (PII) and sensitive PII with third-party Data Processors. Many also acknowledged the challenges of understanding the Data Processor’s position on GDPR and were sometimes confused about the shared responsibilities when it came to the treatment of PII.

Data Controllers ultimately need to take responsibility for GDPR even when using third-party Data Processor systems and applications such as SaaS, said Pather. “Complying with the multitude of requirements GDPR implements is a complex task by itself, but enterprises also want to minimise the complexities and overheads when dealing with Data Processors, like data breach notifications. The eperi CDP solution allows them to do this.” As one of the event’s speakers, Pather presented some of the key GDPR concepts that apply when Data Controllers share PII and sensitive PII with third-party Data Processors or have it processed by them. He explained how pseudonymisation through encryption or tokenisation of PII and sensitive PII was a critical component of addressing their GDPR requirements.

Cloud Data Protection (CDP) solutions like the eperi Gateway can help enterprises comply with GDPR requirements by encrypting Personally Identifiable Information (PII) and sensitive PII before it leaves the enterprise. The cryptographic keys are managed entirely within the company, so the data is unreadable to anyone without authorization. This process is referred to as pseudonymisation within GDPR and brings significant benefits when dealing with third-party Data Processors.

If you missed the Privacy and Data Protection Officers Summit, there are more opportunities in the UK in the near future to talk to eperi experts and find out how the eperi Gateway can help your enterprise with GDPR compliance and Cloud Data Security. Visit us at:

  • May 16th – 17th: IT Security Analyst and CISO Forum 2017, London
  • June 06th – 08th: Infosecurity Europe 2017, London
  • September 18th – 19th: Gartner Security and Risk Summit, London

You can also find further information about the eperi Gateway on our GDPR page and in our resource library.