An appeal has gone out to Barbados and the region to strengthen their cyber security, especially in light of the recent introduction of the cyber security legislation, the General Data Protection Regulation (GDPR), by the European Union.
It came from Business Development Officer at the Caribbean Israel Centre for Cyber Defense (CICCD), Daidre Leacock, during a press conference at the Barbados Investment Development Corporation (BIDC) this morning.
The law, effective May 25, 2018, elevates personnel data to the level of being an asset. Under the GDPR, any entity, government or private, that has the information of any EU citizen or business would be mandated to put measures in place to adequately protect the information.
Failure to do so would result in an organisation or company being held liable for any information lost during a cyber attack, and fined up to four per cent of its global turnover, or up to 20 million euros.
In addition, it stipulates that a breach must be reported, as well as the names of those affected, to the data protection authorities in the European Union within 72 hours. EU citizens also have the right to have their data erased from an entity’s database.
“There is no room for error…. It has great implications for the region as it is now. Cyber security is no longer an option, it is mandatory for us to get up-to-date,” Ms. Leacock warned, emphasising that Caribbean countries were highly vulnerable to hacks.
She advised agencies and companies in Barbados, including those owned by Government, which conduct business with European businesses or citizens, to take steps to ensure their compliance, such as training.
“This is not a situation that we can take for granted, especially for offshore companies. While Barbados may have some offshore companies here, they indeed are going to be highly impacted because if any EU citizen is hacked and their information is out there, they [the company] will be fined.
“So, the onus is on organisations and companies to become compliant. Make sure they have the information ready and data secured. It’s going to be more expensive to pay a fine than to become compliant,” the official stressed.
In this regard, the CICCD has partnered with the island’s Data Processing Department, the Telecommunications Unit, the Barbados Defence Force and the BIDC to raise awareness on cyber risks. It will be done through two webinars to be held on Tuesday, May 29, and Wednesday, May 30, streamed via its website.
All hour-long sessions are scheduled to begin at 10:00 a.m. and are free of cost. They will be conducted by the Mer Group, one of the world’s leading and groundbreaking cyber security and intelligence companies.
Ms. Leacock noted that the first webinar would be an introductory course targeting members of the public, stating: “We have situations where we leave cyber security and risks only up to the IT Department. However, every person in the organisation is exposed, especially if they don’t have the basic knowledge and understanding of ‘how can what I do affect my company’,” she explained.
The second webinar, however, has been tailored to meet the needs of those in critical information technology roles. It will focus on the new EU cyber security law, and data protection.
The CICCD was born out of a partnership between the Government of Israel and the Caribbean to build out the region’s capacity to deal with cybercrime. The Center works with Barbados, the British Virgin Islands, Trinidad and Tobago, Suriname, Anguilla, St. Maarten and member countries of the Organisation of Eastern Caribbean States.