Without much hesitation, I am certain that my experience of the past eighteen months has been similar to others. Attending and consuming countless GDPR focused conferences, webinars, panel discussions, blog posts and webinars in an effort to strengthen my own grasp of the topic and to trade suggestions on real-life application with peers. There is much to gain from such occasions.

Otherwise known as the measuring stick by which your some of your GDPR compliance will be assessed, the six core principles of the GDPR are the basic foundations upon which the regulation was constructed. Unquestionable and pure in nature, they are somewhat rarely acknowledged for one simple reason; five of the six have no real application in helping to peddling products and solutions.

It's almost six months until the implementation date of the European GDPR (General Data Protection Regulation) and the UK begins its journey toward the club's exit door. The release of the DPB (Data Protection Bill 2017) has confirmed the UK's position on how it plans to remain tied, yet distinct from its European neighbours.

The IT security industry, having grown each year since the dot-com bubble, is famously known as being a recession-proof investment. As more of our lives and our businesses grow to rely on the benefits of IT and the internet, so does the need to protect that reliance from any event which threatens it.

If the GDPR were a sea, it would be vast, confusing and in some places its shallow rocky geography would threaten metaphorical ships with disaster. Guidance for any would-be captain is plentiful; just searching for the term ‘GDPR’ in Google yields hundreds of thousands of results. From the basics of learning your portside and starboard to the more practical of how to protect your vessel from the supervisory authority’s arsenal, much is covered. That is with the exception of working with third-parties and most importantly, cross-border processing, something which is a normal aspect of business today, irrespective of size. This darker corner of the regulatory map is less often explored and must begin with identifying who is wearing the hat of the data controller and the data processor.

There is not much which sits higher in the priority list of information security professionals today than the GDPR (General Data Protection Regulation). Record high penalties versus sweeping changes in the practice of collecting and processing personal data have led some information security teams to focus on nothing else in the coming 12 months.

We have all been conditioned to fear the arrival of May 2018. Hell-fire, brimstone and a newly powerful Information Commissioners Office (ICO) will rain administrative fines from the skies. Yet, for those who have summoned the ability to stay awake long enough to brave the final pages of the regulation, article 99 suggests its implementation date is less clear than originally thought.

Everybody has heard of fake news. Any politician worthy of their claim to modernity has dispensed the term as a battle cry against challenging forces. Bias, misunderstanding, spin, bending the truth are just some of the linguistic aliases which sit on a sliding scale of innocent mistake to concocted falseness.

If the GDPR (General Data Protection Regulation), the EUs data protection harmonisation project, was to become a Hollywood movie, its genre would most likely be horror. Focus on the regulation over the past twelve months has been mostly aimed toward its penalties, with scare stories in no short supply.

If I had earned £1 for every time I was asked “which IT security solutions help with the incoming GDPR (General Data Protection Regulation)?” I would be able to purchase every possible solution myself. Only that would still fail to answer the question because it’s just not that simple. Nothing ever is.

The pen is mightier than the sword is a phrase that can never be truer than in cyberspace, a place where words define your very ability to be noticed in a crowd.

Ever since the invention of the sundial, nothing has haunted humanity more than a lack of time. Mans curse to bear forever since is to periodically mutter the phrase "there's not enough hours in the day" in the hope the planet may spin a little slower and grant us our wish. It hasn't worked yet.

IT security loves fear, it's the very foundation upon which it is built. Much like the physical security world, without the fear of the possible, there would be no risk and no purpose to reduce it.

Whether you were aware or not, the UK Data Protection Act has been protecting your digital identity and personal data since 1998 – a relative dinosaur in the fast-changing world of IT. However, as of April 2016, this piece of legislation has been given a two year expiration date. 

After months of public debating, the binary answer to what is likely to be the most momentous decision the UK will make in my lifetime was finally within reach. The ultimate question was answered: the UK was to leave the EU, but what is left in its place?