View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
December 15, 2014

Regulation in 2015 – 5 key predictions for the year ahead

EU Data Protection Regulation, right to be forgotten and heavy fines for non-compliance - your need-to-know guide to regulation in 2015.

By Ellie Burns

2014 has seen numerous high profile breaches and data leaks, igniting a debate surrounding regulation and technology. CBR highlights what industry experts think the regulatory landscape is going to look like in 2015, providing insight into what 2015 regulations could mean to you and your business.

1. Control returns to the EU

"In 2013 & 2014 security breaches, vulnerabilities and revelations around security were not only common headlines but also serious issues for many businesses. I don’t see that changing in 2015, but what may change is ever increasing regulation and controls to mitigate the impact and return some control to the EU", commented Kevin Linsell, head of service development at Adapt.

"Some of these changes, such as the revised EU Data Protection Regulation are fast becoming law and the impacts, such as the ‘Right to be Forgotten’, can be assessed by an organisation."

"There are other regulations that industries need to prepare for, such as working towards Solvency II ahead of it coming into effect in 2016 in the Insurance sector."

2. Compliance poses challenges

Symantec’s Sian John, Chief Security Strategist, EMEA commented, "2015 will see continued focus and concerns on privacy and how information is being used as the EU looks to implement its new Data Protection Legislation."

"For businesses in Europe, juggling the need to ensure compliance with the new regulations, while keeping pace with the global economy by using their vast amounts of data to drive new services and revenue streams, will create new challenges for organisations in 2015."

3. Regulation will cause IT strategy rethink

Stephen Midgley, VP Global Marketing, Absolute Software commented: "Businesses may think they have a future proof IT strategy in place, but substantial regulation changes on the horizon will force a considerable rethink."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"The EU Data Protection Regulation which should come into force in 2017, will ramp up businesses’ responsibility for data security, increasing sanctions for mishandling it. In short, this means fines of up to two per cent of a business’s annual global turnover and possibly a requirement to report a breach within 24 hours."

"This has ramifications for any strategy that is based around data – like BYOD, storage, internet of things and cloud. Because the changes in law are radical, organisations will have to work hard in 2015 to have a chance of complying and avoiding substantial fines when the new laws come in."

4. Defacto standards for the Cloud

Simon Aspinall, President at Virtustream commented, "As the cloud market matures calls for an official regulatory body will increase. However, the speed with which the industry is moving makes it very difficult to draft regulation, making a traditional regulator (similar to Ofgem in the utilities sector), impractical. In its stead, we will see market pressure and customer expectations from the enterprise, driving defacto standards."

"The closest we could get to a regulatory body in 2015 would be the emergence of a third-party referee for contentious issues such as measuring up-time, SLA levels or insurance liability. This would most likely take the form of publically published information from application/cloud monitoring companies."

5. What about the US?

David Gibson, VP at Varonis, took a look across the pond to see what changes we can expect from the US. He commented, "Early in 2014, after the Target breach there was some support in the U.S. Congress for a national breach notification law. Proposed legislation would put into place for the first time a single set of rules for alerting consumers when their personal information has been exposed."

"Unfortunately, the idea has not advanced any further. More progress has been made in Europe. The highly anticipated EU Data Protection Regulation or DPR would require consumers to be promptly alerted after a data exposure. The new rules are modeled after breach reporting requirements already in place for ISPs and telecom carriers."

"Will the DPR finally be approved in 2015? It’s still possible, although some of its tougher requirements — right to be forgotten and heavy fines for non-compliance — will likely be relaxed. In any case, data security laws are moving in the direction of greater consumer safeguards. We’ll see which side of the Atlantic has more political will to protect consumers in the coming year. The final results will have a strong influence on consumer confidence in global companies."



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.