
Straight Talk Technology

Ovum view

Compliance is a significant lever on security, and as such the compliance function plays a critical role in security controls. 

Complying with the EU General Data Protection Regulation (GDPR) probably has the highest profile today for many organizations. Affecting the personal data of all EU citizens, irrespective of where the data is held (including outside of the EU), the regulation comes into force on May 25, 2018. 

Another piece of legislation coming into force in May 2018 that is certainly receiving fewer headlines than the GDPR is the EU Networks and Information Systems (NIS) Directive. The UK's National Cyber Security Centre (NCSC) points out that the reliability of network and information systems, and of the services they support, is essential to everyday activities. As such, the NIS Directive has been developed to improve EU member countries' preparedness for a cyberattack. It applies to a wide range of organizations that are identified as either operators of essential services (OES) or competent authorities (CAs), the former of which includes the digital infrastructure sector. The directive sets out requirements for providers of "digital services," such as online marketplaces, search engines, and cloud computing. Member states must mandate that both essential and digital service providers employ adequate measures to manage risks and deal with incidents. The deadline for implementing the EU NIS Directive into domestic legislation is May 9, 2018, highlighting another piece of compliance for many organizations to address next month.

Cybersecurity standards are being raised not just in the EU but across the globe. To some extent, the world of security is in a better place than it was 12 months ago, due in no small part to compliance initiatives. There can be little doubt that potential sanctions have driven cybersecurity to boards' attention. This is backed up by Ovum's ICT Enterprise Insights, showing that the management of security, identity, and privacy is the second-most important priority for organizations this year.

As with all compliance issues, security-related compliance is not "done once," but requires long-term commitment and review. Rarely is it possible to achieve 100% compliance with all demands 100% of the time, but demonstrating best efforts for security is crucial if the GDPR, NIS, and other legislation and regulation are to be addressed. The lever from the compliance function will continue to play a big role in security controls.

Straight Talk is a weekly briefing from the desk of the Chief Research Officer. To receive this newsletter by email, please contact us.
