A whitepaper looks at current laws and exactly how they impact security implementation in the EMEA region, as well as providing some pointers on using external Managed Security Service Providers (MSSP) for security.
Top myths, according to the report, are as follows: using a third party to process personal data isn’t permitted, transferring data outside the European Economic Area can’t happen, organisations can’t use cloud services for processing or storing personal data, and foreign security and law enforcement authorities automatically have access to personal data.
Data protection law, the report points out, applies almost exclusively to data controllers, meaning the office which decides why and how that data is processed. On the other hand there are data processors, for example, a person who processes that data on behalf of a controller, whether that’s an agent, contractor or service provider, without deciding why and how that data is processed.
Processors, Dell says, are not usually subject to European data protection law.
The ever expanding volume and types of cyber attack make it more difficult for companies to protect themselves. At the same time, laws governing how data is handled are becoming more strict. So it makes sense for organisations to use external security like MSSPs to make sure there is data compliance at the country level, the regional level, and global laws. Dell’s report argues how and why legislation supports these moves.
Stewart Room, partner at Field Fisher Waterhouse, said that compliance with security and data protection laws is vital – but some businesses are unsure of how to tackle the problem.
“It is no wonder businesses lack clarity as the requirements vary for different countries, within the EEA and globally,” Room said. “We have developed this whitepaper with Dell SecureWorks to provide guidance and reassurance for organisations and we have found that the laws in EMEA support the use of external providers such as good quality MSSPs which provide better data security because of their enhanced level of expertise, awareness and threat intelligence”.
The report is available on the Dell Secureworks website, here.