Attackers Constantly Threaten the Survival of Organisations, but there is a New Shark in the Water: Carcharodon Carcharias Moderator Europa Universalis

Many attackers constantly threaten the very survival of all organisations. They will attack any and every IT component of every organisation, whether financial, industrial, retail, service, educational, charitable or governmental, using whatever means they can to breach these systems. They ignore legislation, regulations and standards, and do not care whom they inconvenience or hurt. They have no moral scruples and will have no compunction about attacking the weakest link in any organisation - the people. Why is this a problem? The answer is the European Union General Data Protection Regulation, which is effective from 25th May, 2018. The new regulator will have the power to impose fines for non-compliance of up to a maximum of 20 million or 4% of the previous year's global turnover. The jurisdiction under which organisations are required to be compliant is now global, and these organisations are obliged by the regulation to report any breach within 72 hours of discovery, potentially leading to massive fines. In this paper, we highlight the need for all such organisations to be aware of the serious pitfalls they face when considering the impact of this regulation should they fail to be compliant. We make some sensible suggestions for actions that organisations might take to mitigate their risk now. We also outline our plans for a test study to determine how effective our suggestions might be.
