top of page

Smoky Bacon Ban from European Regulators

I have heard some shocking headlines over recent weeks, including Ticketmaster, Santander and the NHS being hit with significant Cyber attacks. 

But the latest news coming out of Europe has shaken me to my core!


The EU is set to ban Smoky Bacon Crisps!

Yes, you read that correct! Before you think I’m making this up, you can read the details here.

But it’s not just smoky bacon crisps, it’s 8 other foods that contain artificial smoke flavourings! This is serious stuff, and affects foods including hams, fish and cheese.

This ban follows extensive research conducted by the European Food Safety Authority (EFSA), which revealed that some of these artificial flavourings could potentially lead to genotoxicity.

Basically, they’re saying that artificial flavourings could have health implications which include damaging the genetic material within our cells, which could increase the risk of cancer and other health issues.

What does this have to do with Security?

Great question. I’m glad you asked.

Firstly, this comes from good research, and risk assessments.  This is fundamentally important to keeping us safe (in terms of health), but also keeps us secure (in terms of cybersecurity).

Although Smoky crisps (and flavouring) have been around for a long time, it doesn’t mean that they aren’t reviewed and assessed on an ongoing basis.  This goes to the heart of good risk management – it is always changing and evolving and therefore needs to be reviewed (based on new factors and evidence).

Just as the EFSA conducted thorough research to identify potential risks associated with artificial smoke flavorings, it’s important that we all regularly look at our businesses through the lens of ‘risk’, and see if what we’re doing increases or reduces risks.

By understanding potential threats or vulnerabilities, we able to implement measures to mitigate these risks, much like phasing out harmful flavorings to protect public health.

Compliance is key

This ruling will take affect in the coming weeks, but organisations have 2 years to phase out the use of these flavourings. This is very similar to what happened when the General Data Protection Regulation (GDPR) came into force, but let’s hope the food industry doesn’t react in the same way that a lot of companies did.

When the EU announced that GDPR was to be enacted, it was 2016, and organisations had 2 years to make the necessary changes to their processes.  Over the course of those 2 years, there was a general apathy by most businesses, until almost 6mths before 25th May 2018 (when the GDPR became law).

We saw a general ‘panic’ across many sectors as they rushed to implement a data protection law that unified the approach to protecting data across the EU. 

It’s important to note that this EU ruling will become law. Just like the GDPR, it cannot be ignored and certainly shouldn’t be left until the last minute to make the necessary changes. If they do, then they face fines and legal costs which could be significantly damaging.

Awareness and Education

The headlines will be full of statements about Smoky Bacon crisps being banned! And no doubt the EU will be blamed for bringing in these ‘silly laws’.  However, as I have already shown above, there are very real implications to the food sector, and these are based on extensive research by a credible and respected authority (the EFSA).

Whatever your feelings about this are, there is little doubt that the public will slowly get to hear about this through the usual outlets that they buy their products.  First they need to be made aware, then educated on why this decision has been made.

Just like Cybersecurity, we need to bring people on the journey with us. Making people aware of what is important, and then why it’s important to them is vitally important if we are to improve security and health.

Continuous improvement

In information security, and specifically in ISO27001 we talk about the importance of continual improvement. This means we need to be continually assessing and re-evaluating our operations to see if there are areas to improve. Where there are, we need to approach them diligently and gradually so that any changes are effective and efficient.

This is why changes by the EFSA, and the EU for food safety and for data protection are implemented, but done so with a 2 year grace period to allow organisations to adopt and adapt to the new laws.

As with many aspects of safety and security, this is evolutionary, not revolutionary.

In short, the EU’s ban on smoky flavourings is a great example of proactive risk management, regulatory changes, education and continuous improvement.  These are core principles for Information Security. By drawing lessons from this health-focused decision by EFSA, we can perhaps enhance our own information security posture, ensuring the health and safety and integrity of our own data and systems.

If anyone wants me, I’ll be at the shops buying all the Smoky Bacon Crisps and smoked cheese I can get my hands on! (it’s going to be worth a fortune in 3yrs from now!)


More questions?

Finally, if you are truly concerned about what has happened please contact us and we can offer additional advice and guidance on what you can do to protect yourself, your loved ones and your business.


498 views0 comments


bottom of page