How collaboration will ensure GDPR compliance within supply chains

Steven Kenny

The General Data Protection Regulation (GDPR) is a concern for business leaders across the globe. Awareness of the incoming regulation has been improving, with 67% of CIOs reporting that their business has a clear understanding of the legislation. This will, of course, be crucial going forward, with fines of up to 4 per cent of annual turnover or €20m following a data breach, whichever is higher, potentially affecting businesses’ chances of success.

That said, it is believed only 43% of organisations are actively preparing for GDPR. A significant, and perhaps not commonly publicised, risk is the security of networked devices, with various malware variants using IoT technology such as IP cameras as staging grounds for wider attacks. With the cyber landscape changing on an almost daily basis, firms must put in place the necessary procedures to ensure that, even if they fall victim to a breach, they can prove due diligence has been undertaken.

Ensuring supply chain security to mitigate risk

Within the surveillance industry, there has been a significant shift away from analogue CCTV to the internet-connected cameras in use today. This has resulted not only in the increased physical safety and security of different environments, but also greater levels of business intelligence through analytics and big data.

The issues often arise from the way IoT technology is deployed. A worst-case scenario is when an IP-enabled physical security system, installed to protect assets and information, is in fact a network’s weakest link – granting an attacker access to unauthorised areas of the network. As such, with an increasing number of threats facing businesses and an expanding number of attack vectors, firms need to look further afield than their own four walls to ensure cybersecurity.

Who is liable for a breach if it occurs?

GDPR is designed to bring businesses up to a minimum standard on damage mitigation. The regulation does not stipulate that a business must be unbreachable; only that the prerequisite planning and research has been undertaken, that compliance has been achieved to minimise the potential of a breach, and the firm is geared to effectively react should a breach occur.

This means that organisations within a supply chain may not be directly liable for a breach under GDPR. Instead, responsibility would remain with the company holding personally identifiable information. However, if that company can demonstrate that it practised due diligence, and it nevertheless suffers a data breach and is subsequently fined under GDPR, the liability may be cascaded down to an organisation within the supply chain that claimed its technology was secure when it was in fact not.

That is why companies must work with their supply chains to ensure security and best practice across the board. By implementing due diligence at every step of the supply chain, the burden on any single party is further reduced. GDPR compliance is not an issue that will be met by end-users alone. Instead, a collaborative approach where vendors, manufacturers and end-users all take responsibility for cybersecurity effectiveness will ultimately minimise the risk of a damaging breach.
