“In January 2012, the European Commission set out plans for data protection reform across the European Union in order to make Europe ‘fit for the digital age’. Almost four years later, agreement was reached on what that involved and how it will be enforced.” The result: the General Data Protection Regulation, otherwise known as GDPR. At its core, it is a new law that gives people in the European Union more control over their personal data. It requires companies to tell users when and why they process ordinary personal data such as photos, names, addresses, or credit card numbers, and it treats IP addresses, genetic data, and biometric data as personal data as well.
In this month’s Security Newsletter, we will take a look at some of the positive outcomes of the new law, and some of the new challenges facing the information security world.
First, the positive.
Improves Customer Trust
When customers feel that their information is protected, they stay loyal to a business. Picture Company A and Company B, which sell similar products. Company A complies with GDPR: it knows what personal data it holds, protects it, and is prepared to detect and report a breach. Company B has no security standards and is both more likely to be breached and more likely to hide it. In a world where technology affects our everyday lives, customers are increasingly aware of the security standards held by the companies they buy from. Think of GDPR compliance as a competitive edge for your business.
Complying with the GDPR means that your company is required to report a personal data breach to the supervisory authority within 72 hours of becoming aware of it, and to notify the affected individuals without undue delay when the breach puts them at high risk. That is a giant step in a positive direction for customers. In a Yahoo breach disclosed in 2016, 500 million users had usernames, email addresses, dates of birth and passwords stolen. Yahoo did not report this for over two years, leaving users in the dark while the company protected its reputation. The GDPR now requires businesses to be transparent by notifying the regulator and affected users within these time limits.
And now, the challenges.
A consumer may not be affected by this challenge, but for a business it is a major concern. Fines for not complying with the GDPR can be extremely damaging: the regulation allows penalties of up to €20 million or 4% of a company's worldwide annual turnover, whichever is higher. On the first day the GDPR took effect, complaints were filed against Google and Facebook seeking fines reported at up to $9.3 billion. More detail on the fine parameters can be found at the following link: https://www.gdpreu.org/compliance/fines-and-penalties/ (1)
If you run a business outside the EU but process the personal data of people in the EU, for example through a third-party cloud service that hosts your EU customers' records, you are also required to comply with the GDPR. “The GDPR won’t just affect companies based in the EU, despite the fact it concerns the data of EU citizens. Any business handling the data of EU citizens – whether customers, employees or other stakeholders – must comply, no matter where the business is located.” This is a new challenge for global businesses, which may need to restructure their policies in other locations and contractually bind the third parties that process data on their behalf.
It is important for businesses and consumers to understand that the GDPR is not just another regulatory obligation but a means of aligning business and technology. Now that data and technology drive our digital world, businesses and consumers alike must take a comprehensive approach to how personal data is collected, stored, protected, and managed.
Don’t live in the EU but want to know more? Check out this video.
By Matthew McCaffrey