Two laws have taken effect in 2018 that will reshape the way Cloud service providers operate. The EU GDPR (General Data Protection Regulation) and NIS Directive (Directive on security of network and information systems) place an added emphasis on organisations’ ability to prevent data breaches and ensure that critical infrastructure remains operational in the event of disruption.
It’s easy to see these as compliance burdens that will take up time and cost you money, but they can also be hugely beneficial – and not only because of the security ramifications. Organisations can use compliance to demonstrate to clients that they are secure and reliable, helping them win business and strengthen their trust among existing customers and vendors.
Focusing on the business advantages of information security and business continuity gives organisations the opportunity to streamline their compliance efforts. Managers can relate each requirement of the GDPR and NIS Directive to specific business objectives, giving them additional reasons to justify the resources it will take to achieve compliance.
Both laws contain a long list of requirements, many of which we discuss in our GDPR and NIS Directive blogs. When it comes to implementing those requirements, there’s a lot of overlap – both in terms of general approach and specific measures. This means that a lot of the work you do for one set of requirements can be replicated for the other.
For example, both focus on security, incident response and performance evaluation, and they each establish requirements for incident reporting. Additionally, both stipulate that these measures should be risk-based and recognise technical and organisational solutions.
This shouldn’t be a surprise, because risk-based approaches are at the heart of cyber security and business continuity. Without accurate information about the threats you face, it’s difficult to make sure you’re allocating resources correctly and addressing issues adequately and proportionately.
Knowing where to begin with a project is often organisations’ biggest challenge, and this is doubly true for information security and business continuity, because there is so much pressure to get it right. Mistakes early on won’t only lead to delays and sunk costs; they could also jeopardise the organisation’s security and result in fines or disciplinary action.
You can make sure you get started on the right track by downloading GDPR and NIS Directive: A business opportunity for Cloud service providers. This free green paper goes into more detail about the ways in which you can make the EU’s new laws work for you.
It explains the key requirements you need to meet and draws parallels between the two laws, helping you simplify the compliance process. It also includes advice on the steps you can take to ensure compliance, and suggests tools and services that you can use to take the next steps.