This Wednesday marks the official 1-month countdown to the GDPR enforcement coming into effect.
While we have all certainly heard lots about GDPR over the last twelve months, now is certainly the time in which we are all watching to see if companies are really policing data in the way they should to be GDPR compliant.
The comment below, from Rufus Grig, CTO at Maintel, explores whether the US is close to its own GDPR moment.
Rufus Grig, CTO at Maintel:
“With the Facebook/Cambridge Analytica row causing a catastrophic drop in trust, is the US close to its own GDPR moment?
Previously, the US and EU were on completely opposite trajectories when it came to the way they viewed consumer data, the EU being much more citizen first – however, the recent Facebook scandal seems to be the last straw, and the US are now joining Europe in the mission for data privacy.
The breach has shown a huge fall in trust for the company, with a recent study highlighting that following its breach, only 27% of consumers trust Facebook to protect their data, compared to 79% in 2017. This lack of trust can be make or break for a company, and what was particularly interesting was the outrage over not being informed of the breach – a requirement of GDPR.
Clearly, the issue has become widespread, and no stone can now be left unturned when it comes to data privacy – no matter the country, this is a global issue. But what is still unclear is whether any company is ‘really’ policing data in the way they should be in order to be GDPR compliant. While it’s true that businesses can’t promise to stave off every attack, they can understand how attacks occur, what types of data is at the greatest risk and how to lessen the blow.
America will be watching closely. If GDPR leads to fewer breaches and better relationships between businesses and their customers/users, then we could well see the US shift its traditionally laissez faire attitude towards one that puts consumer privacy first.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.