<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

The GDPR and it's Perpetual Time Stress Torture

Topics: Data Protection, Data Breach, GDPR, Information Security

Posted: 07 December 2016

GDPR time stress data protection

Ever since the invention of the sundial, nothing has haunted humanity more than a lack of time. Mans curse to bear forever since is to periodically mutter the phrase "there's not enough hours in the day" in the hope the planet may spin a little slower and grant us our wish. It hasn't worked yet.

The Impending GDPR

The pressure of time is increasingly occupying the minds of many an IT security leader as of late. The impending crawl towards the introduction of the GDPR (General Data Protection Regulation) into both UK and European law is all consuming. Social media and news outlets are awash with information relating to required changes and the subsequent warnings of penalties so severe they could cause liquidation (of the organisation not the individual).

Come May 2018 the rush to the compliance finish line will be finally over, however the time pressure will not abate.

Time is of the Essence

The GDPR has been specifically designed to empower citizens and the protection of their personal data, forcing changes such as anonymisation of data, increasing security controls and thorough risk analysis. The creators were under no illusion that breaches would still occur in even the most rigorously defended of networks and so the GDPR includes provisions to ensure sufficient response.

Data controllers (those who own the data) are compelled, in circumstances where a breach includes the loss of personal information, to report this to their data protection authority (the ICO in the UK) within 72 hours. There is some breathing-room in that the 72 hour clock only begins ticking at the point of the data controller becoming aware of the breach. Without specific information on how this will be determined, the ICO is likely to ask for evidence proving when the breach was detected.


There are some exceptional circumstances albeit it unhelpfully interpretive. If disclosure is likely to represent a risk to the rights and freedoms of the data subjects then the three day time pressure may become less definitive in an attempt to be flexible to the data subjects benefit.

The GDPR doomsday clock to implementation which today ticks down to May 2018 is on reflection a more relaxed place to be in. With upwards of 16 months of preparation time, there is much that can be achieved. Once in place the GDPR will reduce the time to respond to a breach so dramatically shares in tenterhooks will be be a good investment.

In the future, hindsight is likely look back on the path to GDPR with envy. We had time on our side and we didn't even know it.

Data Protection CCTV GDPR for Life

Infinigate UK
Posted by: Infinigate UK
Share via:

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts