The European Union's Data Protection Directive is concerned about any information, either by itself or used with other pieces of information, that could identify a living person. This information could be items such as email addresses, passport numbers, driver's licence numbers, financial details, union membership, medical history or information relating to a person's sexual, religious or political beliefs.

On December 15, 2015, the EU agreed to replace the existing EU Data Protection Directive with the EU General Data Protection Regulation (EU GDPR).

The EU GDPR brings in new obligations to companies and will come into effect in May 2018. Under the EU GDPR, there will be a number of new rules for companies. These will include the obligation to appoint a Data Protection Officer; companies who suffer from a security breach will be obliged to notify "the supervisory authority" without delay or within 72 hours; and there will be fines for companies who are proven negligent in the case of a security breach, to name but a few.

These new rules will have implications for how businesses handle and secure the personal data entrusted to it by its customers and staff. While it will take time for the EU GDPR to come into full effect, it will also take time for companies to be properly prepared for that eventuality.

The checklists that we have compiled (see above and below) will help you obtain better assurance regarding how your company is prepared for these new regulations. An incomplete or negative response to any of the following items indicates the relevant area of risk needs to be addressed.

Brian Honan is an independent security consultant with BH Consulting. He will be speaking at Dublin Info Sec 2016 along with industry leaders in the sector. For more information: independent.ie/infosec2016