“Despite the original deadline for the European Union Data Regulations looming in September, many member states have chosen to postpone the application of the directive for a further 18 months.
While extending the deadline may buy additional time in which telecommunications companies can get their data retention house in order, the reality is that too many organisations are dragging their heels in addressing the regulation – especially as industry estimates predict that it can take up to 18 months to ensure compliance.
In putting the regulations off until the last minute, organisations risk facing additional pressures in a bid to fast track achieving compliance within the imposed deadline - if they can achieve compliance in the first place. There is also the added risk that crime fighting abilities of regional security forces will be detrimentally affected as the EU Data regulations have been designed to help the security services in the fight against crime.
The directive requests that communications providers in member states retain – for a period of between six months and two years – all data that will allow relevant local authorities to trace and source communications. It also aims to identify the time and type of the communication and the location of any mobile communication equipment.
However retaining this data puts tremendous pressure on organisation’s storage capabilities. Not only does the data have to be securely stored, but should an investigation be required, the data will need to be accessed and retrieved as quickly as possible, so as not to hamper proceedings.
Instead of viewing the EU Data Regulations as ‘yet another mandate to comply to’, organisations should instead look at the regulations through the lens of a comprehensive security and governance framework. Chasing the next mandate isn’t the solution. Deploying effective IT controls is.
Installing an off-the-shelf compliance solution a couple of weeks before the deadline simply isn’t enough. Any solution will need to be tailored to meet the specific challenges of each organisation and go through a rigorous testing procedure to ensure that it is robust enough and is capable of storing and retrieving information.
With only a handful of telcos in the UK starting to investigate the regulations, the vast majority will struggle to comply in time.”