BRIDGETOWN, Barbados (CMC) – Caribbean countries have been urged to strengthen their cyber security, more so in light of the recent introduction by the European Union of the General Data Protection Regulation (GDPR) cyber security legislation.
Business Development Officer at the Caribbean Israel Centre for Cyber Defence (CICCD), Daidre Leacock, told a news conference Tuesday that the law which becomes effective May 25, elevates personnel data to the level of being an asset.
Under the GDPR, any entity, government or private, that has the information of any EU citizen or business would be mandated to put measures in place to adequately protect the information.
Failure to do so would result in an organisation or company being held liable for any information lost during a cyber-attack, and fined up to four per cent of its global turnover, or up to Euro 20 million.
In addition, it stipulates that a breach must be reported, as well as the names of those affected, to the data protection authorities in the European Union within 72 hours. EU citizens also have the right to have their data erased from an entity’s database.
“There is no room for error…. It has great implications for the region as it is now. Cyber security is no longer an option, it is mandatory for us to get up-to-date,” Leacock said, warning that Caribbean countries were highly vulnerable to hacks.
She advised agencies and companies in Barbados, including those owned by government, which conduct business with European businesses or citizens, to take steps to ensure their compliance, such as training.
“This is not a situation that we can take for granted, especially for offshore companies. While Barbados may have some offshore companies here, they indeed are going to be highly impacted because if any EU citizen is hacked and their information is out there, they [the company] will be fined.
“So, the onus is on organisations and companies to become compliant. Make sure they have the information ready and data secured. It’s going to be more expensive to pay a fine than to become compliant,” the official stressed.
In this regard, the CICCD has partnered with the island’s Data Processing Department, the Telecommunications Unit, the Barbados Defence Force and the BIDC to raise awareness on cyber risks. It will be done through two webinars to be held on May 29, and 30.
Leacock noted that the first webinar would be an introductory course targeting members of the public.
“We have situations where we leave cyber security and risks only up to the IT Department. However, every person in the organisation is exposed, especially if they don’t have the basic knowledge and understanding of ‘how can what I do affect my company’,” she told reporters.
The second webinar, however, has been tailored to meet the needs of those in critical information technology roles. It will focus on the new EU cyber security law, and data protection.
The CICCD is a collaboration between the government of Israel and the Caribbean to build out the region’s capacity to deal with cybercrime. The centre works with Barbados, the British Virgin Islands, Trinidad and Tobago, Suriname, Anguilla, St Maarten and member countries of the Organisation of Eastern Caribbean States.