Happy Anniversary GDPR – 2 Years On!
As more and more data breaches are occurring around the world, the pressure on organizations to comply with general data privacy rules and regulations or specific security standards like PCI-DSS increases. Irrespective of the platform (HPE NonStop or otherwise) on which the data is collected or processed, it is vital that organizations apply best practice security standards and comply with data protection regulations like ‘GDPR’.
G D P R – Four letters that have supposedly changed the way data security and privacy are viewed on a global scale. Now, two years on since the European General Data Protection Regulation (GDPR) came into force on 25 May 2018, can we honestly say that there has been an improvement in the way data privacy and security are handled?
GDPR is a European law that protects the data rights of European citizens, but it extends to any organization, wherever it is based, that collects, stores or uses EU citizen data. Failure to meet the necessary compliance requirements can result in fines that range into the millions, issued by the independent regulatory bodies that enforce GDPR. Every nation has one: in the UK it is the ICO, in Germany the BfDI, in France the CNIL, and in Italy the DPA Garante.
Truth be told, it is unacceptable today for an organization to be found non-compliant. Organizations were first warned about GDPR back in 2016, so it has now been four years. That is four years to ensure compliance, to secure the systems that store, use and collect data, and to put in place the processes and policies needed to meet the GDPR standard.
Yet the constant barrage of data breaches being reported acts as a perfect reminder that there is much work still to be done to drill the message home.
GDPR Got Teeth
Since its inception, there has been an increase in the number of reported data breaches, but this is likely because organizations are now reporting more to the authorities – it helps that GDPR imposes a 72-hour deadline for doing so.
Yet, in the UK, it took over a year for the ICO to charge its first GDPR violator. A local London pharmacy was fined £275,000 (€307,762) in December 2019. The first fine to range in the millions was issued by Germany’s BfDI to one of the country’s largest internet and mobile providers, 1&1 Ionos. The penalty here was €9,550,000 after the company lacked sufficient protection for personal data and violated Article 32 of GDPR.
But the unwanted title of the largest fine imposed under GDPR in Europe to date goes to Google: the French regulator CNIL fined the tech giant €50m after finding that it had provided inadequate information to its users about its data consent policies and had restricted their control over how their data was used.
These are all substantial fines in their own right and should be heeded as a warning by other businesses taking a nonchalant stance on GDPR compliance. Furthermore, companies have been found to be non-compliant in a variety of ways. For organizations outside the EU’s remit that are struggling to fulfil their data security obligations, GDPR can also serve as a helpful guideline.
Aside from the obvious benefit to data security and privacy, GDPR has also pushed organizations to be more open with users and to communicate how their data is being used to create a better customer experience. This is where trust between a brand and a customer can blossom. However, if a company suffers a breach and is found to have failed to meet GDPR compliance, both the financial and reputational damage can be almost irreparable.
Even though we are only two years into life with GDPR, the regulation has undoubtedly highlighted the importance of data privacy and security today, and in that position it can never be cast aside.
The Choice is Yours: Adopt Data-centric Security or Risk GDPR and PCI Non-Compliance
Are you considering data-centric security for protecting personal data but need help convincing others at your organization? Click the button below to get a white paper from the cybersecurity experts at CyberEdge that explains in-depth how data-centric security reduces compliance scope and minimizes the risks of a data breach.