The EU’s General Data Protection Regulation (GDPR) has been in force for almost a year.  It has presented organisations with numerous and onerous obligations intended to enhance their accountability and protect personal data.  The GDPR also provides data subjects with new rights to ensure transparency in the manner such organisations collect, store, process and transmit information about them.  The process has led entities to revise their current procedures and contracts, provide training to all employees, conduct privacy impact assessments, revisit and enhance their existing controls.

Cyberattacks, malware and phishing attacks remain an ever present risk to both private and public sector organisations.  Data loss or data breach incidents may lead to considerable fines under the GDPR. And this besides the reputational damage that such risks present. In view of this backdrop, as organisations strive to enhance their information security infrastructure to prevent such incidents and prevent the loss of personal data as well as confidential business data, the focus on cybersecurity has never been sharper.

Digital transformation has ensured that cybersecurity is one of the biggest issues currently facing organisations. In the near future, cybersecurity will continue being more of a priority as the business world becomes increasingly digital and cyber threats grow in number and sophistication. To succeed in such a scenario, organisations must prepare themselves for emerging threats and issues by having a proactive people-centred strategy in place.  Handled successfully, cybersecurity can give organisations the chance to raise awareness at the C-suite level, thereby helping to strengthen information security.

Yet far from having a negative bent, cybersecurity could prove to be the making of many organisations. In the coming years, it offers firms the chance to lead on some of the biggest changes that business will undergo. Being aware of the main requirements and obligations of GDPR carries the potential to enhance business operations. Taking measures to prevent and minimise the impact of incidents affecting network and information systems on core services ensures their smooth continuity, a feature of businesses which is becoming even more critical to both internal and external operations.

For more information on this topic join EY Malta’s CPE Accredited training event on GDPR Essentials and Cybersecurity on April 25 from 2.30 to 6.15pm at EY’s Connect Centre, Msida. Kindly send an e-mail to to confirm your attendance. Admission fee for this session is €59 (incl. VAT)

Joseph Galea is the director of EY’s IT Risk & Assurance (ITRA) Services service line with over 30 years of experience in IT compliance audits, internal audits, IS security risk assessments, IT transformation programs and GDPR maturity assessments. Jason Grech is a senior manager in EY’s advisory team, specialising in data privacy with significant experience in corporate risk, internal audit and performance improvements as well as GDPR compliance.

Independent journalism costs money. Support Times of Malta for the price of a coffee.

Support Us